103 matches found
Fedora 44 : python-uv-build / rust-astral-tokio-tar / uv (2026-7aacc8ea7d)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-7aacc8ea7d advisory. Update uv and python-uv-build to 0.11.11. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-...
fusion-tools (>=3.6.19 <=3.6.90), idt-calculator (=0.1.0) +6 more potentially affected by CVE-2026-38361 via dash-uploader (>=0.6.0 <=0.6.1)
dash-uploader PYPI version =0.6.0, =3.6.19, =0.0.11, =0.0.30, =0.0.50.0, =0.2.1, =0.2.0, =0.4.1 Source cves: CVE-2026-38361 Source advisory: OSV:PYSEC-2026-37...
GHSA-XX64-WWV2-HCQQ astral-tokio-tar: `unpack_in` can chmod arbitrary directories by following symlinks
Impact: In versions 0.6.0 and earlier of astral-tokio-tar, the `unpack_in` API could inadvertently modify the permissions of external (i.e. non-archive) directories outside of the archive. An attacker could use this to contrive a tar archive that maliciously changes directory permissions outside of its...
EUVD-2025-209532
Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...
CVE-2024-43035
Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serveFiles in mods/voice/src/utils.ts. NOTE: serveFiles exists in 0.5.5 but not in the next release, 0.6.1...
@oku-ui/primitives (>=0.4.0 <=0.6.1) potentially affected by unknown CVE via @oku-ui/slider (=0.6.1)
@oku-ui/slider NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/slider and may be impacted: - @oku-ui/primitives =0.4.0, =0.6.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191274...
@oku-ui/accordion (>=0.5.0 <=0.6.1), @oku-ui/menu (>=0.6.0 <=0.6.1) +8 more potentially affected by unknown CVE via @oku-ui/collection (=0.6.1)
@oku-ui/collection NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/collection and may be impacted: - @oku-ui/accordion =0.5.0, =0.6.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.6.1 Source cves: unknow...
@oku-ui/primitives (>=0.0.1 <=0.6.1) potentially affected by unknown CVE via @oku-ui/progress (=0.6.1)
@oku-ui/progress NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/progress and may be impacted: - @oku-ui/primitives =0.0.1, =0.6.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191268...
[SECURITY] Fedora 41 Update: rust-tikv-jemalloc-sys-0.6.1-1.fc41
Rust FFI bindings to jemalloc...
EUVD-2004-1274
Malware in sbrugna...
EUVD-2018-1927
Malware in sbrugna...
EUVD-2023-44641
Malicious code in bioql PyPI...
EUVD-2025-28351
Malicious code in bioql PyPI...
EUVD-2025-14755
Malicious code in bioql PyPI...
EUVD-2025-24029
Malicious code in bioql PyPI...
CVE-2025-10965
A security vulnerability has been detected in LazyAGI LazyLLM up to 0.6.1. Affected by this issue is the function lazyllm_call of the file lazyllm/components/deploy/relay/server.py. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed...
PT-2025-39448
Name of the Vulnerable Software and Affected Versions: LazyAGI LazyLLM versions prior to 0.6.2. Description: A security issue has been identified in LazyAGI LazyLLM. This concerns the deserialization of data within the lazyllm_call function located in the lazyllm/components/deploy/relay/server.py...
LazyLLM Code Issue Vulnerability
LazyLLM is a LazyAGI open source tool for building multi-agent LLMs. A code issue vulnerability exists in LazyLLM 0.6.1 and earlier versions, which stems from a deserialization issue in the function lazyllm_call in the file lazyllm/components/deploy/relay/server.py, which could lead to a remote...
CVE-2025-24302
CVE-2025-24302 affects Intel’s TinyCBOR library prior to version 0.6.1. The issue is described as uncontrolled recursion in TinyCBOR components, which may allow an authenticated user to escalate privileges via local access. The CVSS vectors indicate local, high impact on confidentiality, integrit...
CVE-2025-55008
The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by...