18 matches found
Security update for libjxl (moderate)
openSUSE Security Update: Security update for libjxl Announcement ID: openSUSE-SU-2026:0106-1 Rating: moderate References: 1233763 1233783 1258090 Cross-References: CVE-2024-11403 CVE-2024-11498 CVE-2025-12474 CVSS scores: CVE-2024-11403 SUSE: 6.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L...
SUSE CVE-2026-33623
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.4 contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell -Command string using a...
CVE-2026-33623
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.4 contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell -Command string using a...
CVE-2026-33621 PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to incomplete enforcement of request throttling in the HTTP handler chain, allowing repeated authentication attempts against endpoints such as /health without per-IP rate limiting. An...
EUVD-2023-0251
Malicious code in bioql PyPI...
CVE-2025-54368
uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...
gvisor-tap-vsock security update
0.8.5-1 - Fix CVE-2025-22869 by updating to 0.8.5 - Resolves: RHEL-81313...
Deserialization of Untrusted Data
Overview vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the PyNcclPipe service if it is in use with the V0 engine. An attacker can execute arbitrary code on the...
gvisor-tap-vsock security update
6:0.8.5-1 - Fix CVE-2025-22869 by updating to 0.8.5 - Resolves: RHEL-81312...
SUSE CVE-2022-4572
A vulnerability, which was classified as problematic, has been found in UBI Reader up to 0.8.0. Affected by this issue is the function ubireaderextractfiles of the file ubireader/ubifs/output.py of the component UBIFS File Handler. The manipulation leads to path traversal. The attack may be...
PT-2022-16161
Name of the Vulnerable Software and Affected Versions Netmaker versions prior to 0.8.5 Netmaker versions prior to 0.9.4 Netmaker versions prior to 0.10.0 Description The issue is related to a hard-coded cryptographic key in the code base of Netmaker, a platform for creating and managing virtual...
PT-2022-13342
Name of the Vulnerable Software and Affected Versions Netmaker versions prior to 0.8.5 Netmaker versions prior to 0.9.4 Netmaker versions prior to 0.10.0 Netmaker versions prior to 0.10.1 Description The issue is related to the use of a hard-coded cryptographic key in Netmaker. This could...
Detector Cross-Site Scripting Vulnerability
Detector is an open source, simple, PHP- and JavaScript-based browser and feature detection library from the US-based individual developer Dave Olsen. A cross-site scripting vulnerability exists in Detector versions 0.8.5 and below that allows remote attackers to inject arbitrary web script or HTM...
skarg BACnet Protocol Stack Buffer Overflow Vulnerability
The skarg BACnet Protocol Stack is a set of data communication protocols for building automation and control networks. A buffer overflow vulnerability exists in the BACnet/IP BVLC packet handling of the bvlc.c file in version 0.8.5 of the skarg BACnet Protocol Stack, which stems from the program'...
VLC Media Player XSPF Playlist Integer Overflow Vulnerability (Linux)
The host is installed with VLC Media Player and is prone to an integer overflow vulnerability. OpenVAS Vulnerability Test $Id: secpodvlcmediaplayerxspfintoverflowvulnlin.nasl 7015 2017-08-28 11:51:24Z teissa $ VLC Media Player XSPF Playlist Integer Overflow Vulnerability Linux Authors: Shashi Kiran N...
pyftpd Multiple Vulnerabilities
pyftpd is prone to multiple vulnerabilities. 1. pyftpd is prone to multiple default-account vulnerabilities. These issues stem from a design flaw that makes several accounts available to remote attackers. Successful exploits allow remote attackers to gain unauthorized access to a vulnerable...
DEBIAN-CVE-2009-4079
Cross-site request forgery CSRF vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors...