4 matches found

OSV
added 2026/05/26 10:16 p.m., 3 views

UBUNTU-CVE-2026-44903

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

CVSS: 5.1 | AI score: 5.9 | EPSS: 0.00035
Exploits: 0 | References: 4
RedhatCVE
added 2025/11/10 5:22 a.m., 3 views

CVE-2025-64485

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file share is mounted, the...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.0011
Exploits: 0 | References: 1
OSV
added 2025/11/07 11:21 p.m., 4 views

CVE-2025-64485 CVAT: Mounted share file overwrite via crafted request

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file share is mounted, the...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.0011
Exploits: 0 | References: 4
UbuntuCve
added 2025/02/14 5:15 p.m., 4 views

CVE-2025-25204

gh is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool gh attestation verify causes it to return a zero exit status when no attestations are present. This behavior is incorrect:...

CVSS: 6.3 | AI score: 6.9 | EPSS: 0.00213
Exploits: 0 | References: 4