70948 matches found

Rockylinux
added 2 days ago | 5 views

xorg-x11-server security, bug fix, and enhancement update

An update is available for xorg-x11-server. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. X.Org is an open-source implementation of the X Window System. It...

CVSS 7.8 | AI score 5.8 | EPSS 0.00216
Exploits: 0
Rockylinux
added 2 days ago | 5 views

xorg-x11-server-Xwayland security, bug fix, and enhancement update

An update is available for xorg-x11-server-Xwayland. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Xwayland is an X server for running X clients under Wayland...

CVSS 7.8 | AI score 5.8 | EPSS 0.00216
Exploits: 0
OSV
added 2 days ago | 3 views

RLSA-2026:26610 Important: xorg-x11-server security, bug fix, and enhancement update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution du...

CVSS 7.8 | AI score 5.7 | EPSS 0.00216
Exploits: 0 | References: 10
OSV
added 2 days ago | 4 views

RLSA-2026:26590 Important: xorg-x11-server-Xwayland security, bug fix, and enhancement update

Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch CVE-2026-50256 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server:...

CVSS 7.8 | AI score 5.7 | EPSS 0.00216
Exploits: 0 | References: 10
Rockylinux
added 2 days ago | 4 views

xorg-x11-server-Xwayland security, bug fix, and enhancement update

An update is available for xorg-x11-server-Xwayland. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Xwayland is an X server for running X clients under Wayland...

CVSS 7.8 | AI score 5.8 | EPSS 0.00216
Exploits: 0
OSV
added 2 days ago | 2 views

RLSA-2026:26562 Important: xorg-x11-server-Xwayland security, bug fix, and enhancement update

Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch CVE-2026-50256 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server:...

CVSS 7.8 | AI score 5.7 | EPSS 0.00216
Exploits: 0 | References: 10
OSV
added 2 days ago | 3 views

RLSA-2026:26709 Important: xorg-x11-server security, bug fix, and enhancement update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution du...

CVSS 7.8 | AI score 5.7 | EPSS 0.00216
Exploits: 0 | References: 10
Rockylinux
added 2 days ago | 4 views

xorg-x11-server security, bug fix, and enhancement update

An update is available for xorg-x11-server. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. X.Org is an open-source implementation of the X Window System. It...

CVSS 7.8 | AI score 5.8 | EPSS 0.00216
Exploits: 0
Positive Technologies
added 2 days ago | 6 views

PT-2026-50965

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, pontedilana/php-weasyprint builds the shell command for WeasyPrint by passing the binary path through escapeshellarg first and then checking the quoted result with is_executable. On POSIX...

CVSS 8.2 | AI score 5.9
Exploits: 0 | References: 5
Positive Technologies
added 2 days ago | 7 views

PT-2026-51015

Name of the Vulnerable Software and Affected Versions: ProxySQL versions 2.0.0 through 3.0.8. Description: The MySQL frontend incorrectly processes the PROXY UNKNOWN r PP1 frame of the PROXY protocol v1. According to the specification, when the protocol token is UNKNOWN, the receiver must ignore...

CVSS 10 | AI score 5.9
Exploits: 0 | References: 8
Positive Technologies
added 2 days ago | 5 views

PT-2026-51064

Summary: Oj.dump is vulnerable to a stack-based buffer overflow when a large :indent value is provided by the developer. fill_indent in dump.h calls memset(indent_str, ' ', (size_t)opts->indent) without validating the size. When opts->indent is set to INT_MAX (2,147,483,647), the size_t cast preserves the...

CVSS 8.7 | AI score 6.3
Exploits: 0 | References: 3
Positive Technologies
added 2 days ago | 8 views

PT-2026-50971

Summary: In affected versions, Request::buildRequestUrl inserts path variables into the request URL without URL encoding (implode('/', $pathVariables)). All request classes implementing getPathVariables are affected, e.g. GetContentDetailsRequest (scheme, contentId). If a consuming application passes...

CVSS 4.8 | AI score 5.9
Exploits: 0 | References: 3
Positive Technologies
added 2 days ago | 8 views

PT-2026-51119

Summary: A command injection vulnerability exists in @cyclonedx/cyclonedx-npm when the CLI is invoked with the --workspace option while the environment variable npm_execpath is unset or empty. User-supplied --workspace values are passed to a subshell without proper sanitization, enabling attackers...

CVSS 8.5 | AI score 6.3
Exploits: 0 | References: 5
Positive Technologies
added 2 days ago | 7 views

PT-2026-51051

Name of the Vulnerable Software and Affected Versions: Symfony UX LiveComponent versions prior to 2.x; Symfony UX LiveComponent versions prior to 3.x. Description: The createHtml function in Symfony\UX\LiveComponent\Util\ChildComponentPartialRenderer interpolates the $childTag variable directly into the...

CVSS 5.1 | AI score 6
Exploits: 0 | References: 6
Tenable Nessus
added 2 days ago | 4 views

RHEL 8 : xorg-x11-server (RHSA-2026:26709)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26709 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical us...

CVSS 7.8 | AI score 6.2 | EPSS 0.00216
Exploits: 0 | References: 20
NVD
added 3 days ago | 8 views

CVE-2026-56075

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approval_mode to auto, overriding administrator configuration from the PRAISON_APPROVAL_MODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...

CVSS 8.8
Exploits: 0 | References: 2
OSSF Malicious Packages
added 3 days ago | 8 views

Malicious code in db-connector-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6828cdaf9f4280f7739fd6f5a838a63ea7bc8f7bb0c94eec52fb881c2701c724 The package impersonates the legitimate dx-db-connector the package.json repository field points at...

AI score 5.8
Exploits: 0 | References: 1
OSV
added 3 days ago | 8 views

MAL-2026-6142 Malicious code in db-connector-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6828cdaf9f4280f7739fd6f5a838a63ea7bc8f7bb0c94eec52fb881c2701c724 The package impersonates the legitimate dx-db-connector the package.json repository field points at...

AI score 5.8
Exploits: 0 | References: 1
CVE
added 3 days ago | 15 views

CVE-2026-56075

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability in which UI modules hardcode approval_mode to auto, overriding the PRAISON_APPROVAL_MODE environment variable. This allows authenticated attackers to instruct the LLM agent to run arbitrary commands via subproces...

CVSS 8.8 | AI score 6
Exploits: 0 | References: 2
Cvelist
added 3 days ago | 16 views

CVE-2026-56075 PraisonAI - Arbitrary Shell Command Execution via Hardcoded Approval Mode Override

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approval_mode to auto, overriding administrator configuration from the PRAISON_APPROVAL_MODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...

CVSS 8.8
Exploits: 0 | References: 2