CVE-2026-41422 Daptin vulnerable to SQL injection via unvalidated goqu.L() calls in aggregate API

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, the /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L — a raw SQL literal expression builder — without any validation. This bypassed all parameterization and allowed...

openSUSE 16 Security Update : libssh (openSUSE-SU-2026:20647-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20647-1 advisory. - Update to version 0.11.4: - CVE-2026-0964: SCP Protocol Path Traversal in sshscppullrequest bsc1258049 - CVE-2026-0965: Possible Denial of...

SUSE-SU-2026:21428-1 Security update for libssh

This update for libssh fixes the following issues: - Update to version 0.11.4: - CVE-2026-0964: SCP Protocol Path Traversal in sshscppullrequest bsc1258049 - CVE-2026-0965: Possible Denial of Service when parsing unexpected configuration files bsc1258045 - CVE-2026-0966: Buffer underflow in...

Security update for libssh (moderate)

openSUSE security update: security update for libssh ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20647-1 Rating: moderate References: bsc1246974 bsc1249375 bsc1258045 bsc1258049 bsc1258054 bsc1258080 bsc1258081 Cross-References: CVE-2025-8114...

SUSE CVE-2026-30832

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

New API 安全漏洞

The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.11.4-alpha.2 contained a security vulnerability. This vulnerability stemmed from insecure direct object references in the video proxy endpoints, which could allow access to other users’ video content...

CVE-2026-30832

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

Linux Distros Unpatched Vulnerability : CVE-2026-3731

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the file src/sftp.c o...

CVE-2026-30832

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

CVE-2026-30832

CVE-2026-30832 — Soft Serve : A authenticated SSH user could force the server to perform HTTP requests to internal/private IPs by importing a crafted --lfs-endpoint URL, enabling access to internal targets. The initial batch request is blind and metadata endpoint parsing may not yield valid LFS J...

CVE-2026-30832

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

CVE-2026-30832 Soft Serve: SSRF via unvalidated LFS endpoint in repo import

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

CVE-2025-62162

cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions e.g.,...

CVE-2025-62162

cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions e.g.,...

CVE-2025-62162 cel-rust May Panic During Parsing of Invalid CEL Expressions

cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions e.g.,...

CVE-2025-62162

CVE-2025-62162 — cel-rust DoS via malformed CEL expressions . The vulnerability affects the CEL interpreter written in Rust, specifically versions 0.10.0 through before 0.11.4. Parsing certain malformed CEL expressions can cause the parser to panic and terminate the process, enabling a denial of ...

PT-2025-41615

Name of the Vulnerable Software and Affected Versions cel-rust versions 0.10.0 through 0.11.3 Description cel-rust is a Common Expression Language interpreter written in Rust. Parsing specific, malformed Common Expression Language CEL expressions can cause the parser to terminate unexpectedly. If...

EUVD-2023-0777

Malicious code in bioql PyPI...

CVE-2023-0914

Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4...

CVE-2023-0914

Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4...