16 matches found
[SECURITY] Fedora 43 Update: rust-cargo-vendor-filterer-0.5.18-5.fc43
cargo vendor, but with filtering for platforms and more...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: munge (UTSA-2026-014299)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014299 advisory. MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, a local attacker can exploit a buffer overflow vulnerability in...
GHSA-FW9Q-39R9-C252 LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`
GHSA-fw9q-39r9-c252: Prototype Pollution via Incomplete Lodash set Guard in langsmith-sdk. Severity: Medium. CVSS 5.6. Status: Fixed in 0.5.18. Summary: The LangSmith JavaScript/TypeScript SDK langsmith contains an incomplete prototype pollution fix in its internally vendored lodash set utility. T...
LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`
GHSA-fw9q-39r9-c252: Prototype Pollution via Incomplete Lodash set Guard in langsmith-sdk. Severity: Medium. CVSS 5.6. Status: Fixed in 0.5.18. Summary: The LangSmith JavaScript/TypeScript SDK langsmith contains an incomplete prototype pollution fix in its internally vendored lodash set utility. T...
CVE-2026-40190
LangSmith Client SDKs (langsmith) prior to v0.5.18 contain a prototype pollution vulnerability in the internally vendored lodash set() utility. The baseAssignValue() guard only stops `__proto__` but allows traversal via constructor.prototype, enabling an attacker who controls keys in data processed by ...
LangSmith Client SDKs Security Vulnerability
LangSmith Client SDKs are a developer toolkit open-sourced by LangChain. Versions of LangSmith Client SDKs prior to 0.5.18 contained security vulnerabilities. These vulnerabilities stemmed from incomplete prototype pollution repairs in the lodash set utility provided internally within the LangSmi...
[SECURITY] Fedora 42 Update: rust-cargo-vendor-filterer-0.5.18-4.fc42
cargo vendor, but with filtering for platforms and more...
TencentOS Server 4: munge (TSSA-2026:0139)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0139 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Alibaba Cloud Linux 3 : 0047: munge (ALINUX3-SA-2026:0047)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0047 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-25506: MUNGE is an authentication service...
OPENSUSE-SU-2026:10178-1 libmunge2-0.5.18-1.1 on GA media
These are all security issues fixed in the libmunge2-0.5.18-1.1 package on the GA media of openSUSE Tumbleweed...
AZL-77451 CVE-2026-25506 affecting package munge for versions less than 0.5.18-1
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, a local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the...
UBUNTU-CVE-2026-25506
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, a local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the...
CVE-2026-25506
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, a local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the...
CVE-2026-25506 MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, a local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the...
munge -- CWE-787: Out-of-bounds Write
https://github.com/dun/munge/security/advisories/GHSA-r9cr-jf4v-75gh reports: MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, a local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak...
PT-2026-7436
Name of the Vulnerable Software and Affected Versions: MUNGE versions 0.5.0 through 0.5.17. Description: MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service used by workload managers like Slurm. A buffer overflow exists in the munged daemon, specifically within the msg unpack function when...