8132 matches found
org.springframework.ai:spring-ai-starter-vector-store-azure-cosmos-db (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40978 via org.springframework.ai:spring-ai-azure-cosmos-db-store (>=1.1.0-M1 <=1.1.4)
org.springframework.ai:spring-ai-azure-cosmos-db-store; MAVEN; version =1.1.0-M1, =1.1.0, =1.1.4; Source CVEs: CVE-2026-40978; Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16316419...
[SECURITY] Fedora 44 Update: python-cairosvg-2.9.0-1.fc44
CairoSVG is an SVG 1.1 to PNG, PDF, PS and SVG converter which can also be used as a Python library...
[SECURITY] Fedora 44 Update: qt6-qtsvg-6.10.3-1.fc44
Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices...
PYSEC-2026-109
pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...
CVE-2026-41426
pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...
CVE-2026-41426 pretalx: Email injection via unescaped user-controlled placeholders in pretalx mail templates
pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...
CVE-2026-41426
CVE-2026-41426 affects pretalx (prior to 2026.1.0). An unauthenticated attacker can inject arbitrary HTML-rendered emails by embedding malformed HTML or markdown in a user-controlled template placeholder (e.g., account display name). The most direct vector is the password-reset flow: attacker cre...
EUVD-2026-25616
pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...
ai-security-poc
AI Security POC A fully containerised proof-of-concept for te...
GHSA-7HRG-5W46-5R2X Duplicate Advisory: OpenClaw: Slack thread context could include messages from non-allowlisted senders
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-qm77-8qjp-4vcm. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages ...
CVE-2026-41678 vulnerabilities
Vulnerabilities for packages: typst, sqlx, bootc, komodo, vector, sentry-cli, sccache, guestproxyagent, sdp-k8s-injector, valkey-ldap, rpm-sequoia, rustup, ztunnel-fips, rustls-openssl-client, deno...
GHSA-PQF5-4PQQ-29F5 vulnerabilities
Vulnerabilities for packages: typst, sqlx, bootc, komodo, vector, sentry-cli, sccache, guestproxyagent, sdp-k8s-injector, valkey-ldap, rpm-sequoia, rustup, ztunnel-fips, rustls-openssl-client, deno...
CVE-2026-41681 vulnerabilities
Vulnerabilities for packages: typst, sqlx, bootc, komodo, vector, sentry-cli, sccache, guestproxyagent, sdp-k8s-injector, valkey-ldap, rpm-sequoia, rustup, ztunnel-fips, rustls-openssl-client, deno...
GHSA-XMGF-HQ76-4VX2 vulnerabilities
Vulnerabilities for packages: typst, sqlx, bootc, komodo, vector, sentry-cli, sccache, guestproxyagent, sdp-k8s-injector, valkey-ldap, rpm-sequoia, rustup, ztunnel-fips, rustls-openssl-client, deno...
GHSA-HPPC-G8H3-XHP3 vulnerabilities
Vulnerabilities for packages: typst, sqlx, bootc, komodo, vector, sentry-cli, sccache, guestproxyagent, sdp-k8s-injector, valkey-ldap, rpm-sequoia, rustup, ztunnel-fips, rustls-openssl-client, deno...
GHSA-8C75-8MHR-P7R9 vulnerabilities
Vulnerabilities for packages: typst, sqlx, bootc, komodo, vector, sentry-cli, sccache, guestproxyagent, sdp-k8s-injector, valkey-ldap, rpm-sequoia, rustup, ztunnel-fips, rustls-openssl-client, deno...
CVE-2026-41677 vulnerabilities
Vulnerabilities for packages: typst, sqlx, bootc, komodo, vector, sentry-cli, sccache, guestproxyagent, sdp-k8s-injector, valkey-ldap, rpm-sequoia, rustup, ztunnel-fips, rustls-openssl-client, deno...