OPENSUSE-SU-2026:20838-1 Security update for hauler

This update for hauler fixes the following issues: Changes in hauler: - update x/crypto to 0.52.0 bsc1266167, CVE-2026-39827, CVE-2026-39834,CVE-2026-39828,CVE-2026-39829,CVE-2026-39831, CVE-2026-42508,CVE-2026-39833,CVE-2026-39830,CVE-2026-39832,...

CVE-2025-11157

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...

CVE-2025-11157

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...

CVE-2025-11157

CVE-2025-11157 is a high-severity remote code execution flaw in feast-dev/feast v0.53.0, due to unsafe YAML deserialization in the Kubernetes materializer (feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py) where yaml.load(..., Loader=yaml.Loader) processes /var/feast/feature_store....

PT-2026-1002

Name of the Vulnerable Software and Affected Versions feast-dev/feast version 0.53.0 Description A high-severity remote code execution issue exists in the Kubernetes materializer job located at feast/sdk/python/feast/infra/compute engines/kubernetes/main.py. The problem stems from using...

CVE-2025-66025

Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or...

CVE-2025-66025 Caido Improperly Handles External Links in Markdown

Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or...

CVE-2025-66025 Caido Improperly Handles External Links in Markdown

Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or...

EUVD-2025-199691

Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or...

CVE-2025-66025

Caido: Prior to 0.53.0, its Findings page Markdown renderer mishandled user-supplied Markdown, allowing attacker-controlled links to render without confirmation. When a user opened a finding from the scanner or plugins, clicking injected links could redirect the Caido application to attacker-cont...

PT-2025-48125

Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or...

CVE-2024-47062

Navidrome (

kaml has potential denial of service while parsing input with anchors and aliases

Impact Applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Patches Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and aliases. Workarounds None. References Wikipedia has an explanation ...

Design/Logic Flaw

kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and...

CVE-2023-28118 kaml has potential denial of service while parsing input with anchors and aliases

kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and...

PT-2023-21575 · Kaml · Kaml

Name of the Vulnerable Software and Affected Versions: kaml versions prior to 0.53.0 Description: The issue affects applications that use kaml to parse untrusted input containing anchors and aliases, potentially leading to excessive memory consumption and crashes. This is related to a class of...

DEBIAN-CVE-2017-2818

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger th...

Poppler heap buffer overflow vulnerability (CNVD-2017-22665)

Poppler is a C++ class library for generating PDF, the library is inherited from Xpdf PDF reader. A heap buffer overflow vulnerability exists in the image rendering function in Poppler version 0.53.0. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial o...

PT-2017-15558 · Poppler +2 · Poppler +2

Name of the Vulnerable Software and Affected Versions: Poppler version 0.53.0 Description: An integer overflow issue exists in the JPEG 2000 image parsing functionality. A specially crafted PDF file can cause an integer overflow, leading to out of bounds memory overwrite on the heap, potentially...