19 matches found
CVE-2026-41250 XSS in taiga-front
Taiga is a project management platform for startups and agile developers. Prior to 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...
EUVD-2026-29118
Taiga is a project management platform for startups and agile developers. Prior to 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...
UBUNTU-CVE-2026-33123
pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...
CVE-2026-33123
Affected software: pypdf. Vulnerability: inefficient decoding of array-based streams can enable an attacker to craft PDFs that cause long runtimes and/or high memory usage when accessing an array-based stream with many entries. Root cause: malleable decoding path for array-based streams leading t...
CVE-2026-33123 pypdf has inefficient decoding of array-based streams
pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...
GHSA-QPXP-75PX-XJCP pypdf has inefficient decoding of array-based streams
Impact: An attacker who uses this vulnerability can craft a PDF which leads to long runtimes and/or large memory usage. This requires accessing an array-based stream with lots of entries. Patches: This has been fixed in pypdf==6.9.1. Workarounds: If you cannot upgrade yet, consider applying the...
CVE-2026-21886 OpenCTI's GraphQL Mutations Allow Deletion of Unrelated Entities
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutation "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects. However, it was observed that this...
EUVD-2026-12578
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutation "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects. However, it was observed that this...
OpenCTI Security Vulnerability
OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions of OpenCTI prior to 6.9.1 contained security vulnerabilities. These vulnerabilities were due to a flaw in GraphQL mutations that lacked validation, which could lead to the deletion of irrelevant and...
[SECURITY] Fedora 42 Update: qt6-qtwebengine-6.9.1-1.fc42
Qt6 - QtWebEngine components...
[SECURITY] Fedora 42 Update: qt6-qtnetworkauth-6.9.1-1.fc42
Qt6 - NetworkAuth component...
Fedora: Security Advisory (FEDORA-2025-b5809de628)
The remote host is missing an update for the...
Fedora 41 : php-tcpdf (2025-85549e07c8)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-85549e07c8 advisory. Version 6.9.1 2025-04-03 - Fixed Path Traversal security vulnerability reported by Positive Technologies. ---- Version 6.9.0 2025-03-30 - Added PHP 8.4...
Fedora 40 : php-tcpdf (2025-b5809de628)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-b5809de628 advisory. Version 6.9.1 2025-04-03 - Fixed Path Traversal security vulnerability reported by Positive Technologies. ---- Version 6.9.0 2025-03-30 - Added PHP 8.4...
PT-2025-07: Path Traversal in TCPDF
The vulnerability was identified in TCPDF, version 6.8.2. The application performs insufficient validation of user input data. Decoding user input allows an attacker to form a path to an arbitrary image on the server, access to which is not provided by the logic of the application, with subsequen...
PT-2024-15818 · WordPress · The Conversios – Google Analytics 4 (Ga4)
Name of the Vulnerable Software and Affected Versions: The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress versions up to, and including, 6.9.1 Description: The issue is related to a time-based SQL Injection vulnerability. It...
CVE-2021-42257
The CVE-2021-42257 issue affects check_smart prior to version 6.9.1, where an unprivileged user could gain unintended drive access because the check only matches a substring of a device path (the /dev/bus substring and a number) via an unanchored regular expression. The root cause is a permissive...
PT-2021-23568 · Unknown · Check Smart
Name of the Vulnerable Software and Affected Versions: check smart versions prior to 6.9.1 Description: The issue allows unintended drive access by an unprivileged user due to a substring match of a device path, specifically checking for the /dev/bus substring and a number, which is an example of...
CVE-2019-15012
Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0...