83 matches found

Debian
added 2 days ago, 5 views

[SECURITY] [DSA 6319-1] yelp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6319-1 [email protected] https://www.debian.org/security/ Aron Xu June 02, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------...

5.8 AI score
Exploits: 0

Tenable Nessus
added 2 days ago, 1 view

Debian dsa-6319 : libyelp-dev - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6319 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6319-1 [email protected] https://www.debian.org/security/...

5.8 AI score
Exploits: 0, References: 3

Vulnrichment
added 2026/05/19 2:58 a.m., 6 views

CVE-2026-27648 web_webview has an out-of-bounds write vulnerability

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...

8.8 CVSS, 6.3 AI score, 0.00229 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/04/01 12:0 a.m., 3 views

PT-2026-29568

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip metadata is concatenated into HTML without escaping and then rendered with innerHTML inside the...

5.4 CVSS, 5.8 AI score, 0.00045 EPSS
Exploits: 1, References: 4

FreeBSD
added 2026/03/31 12:0 a.m., 5 views

chromium -- security fixes

Chrome Releases reports: This update includes 21 security fixes: 493952652 High CVE-2026-5273: Use after free in CSS. Reported by Anonymous on 2026-03-18 491732188 High CVE-2026-5272: Heap buffer overflow in GPU. Reported by inspector-ambitious on 2026-03-11 488596746 High CVE-2026-5274: Integer...

9.6 CVSS, 6.2 AI score, 0.00646 EPSS
Exploits: 0, References: 1

SUSE CVE
added 2026/03/28 12:25 a.m., 1 view

SUSE CVE-2026-33205

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitra...

5.5 CVSS, 6 AI score, 0.00022 EPSS
Exploits: 1, References: 3

Tenable Nessus
added 2026/03/28 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-33205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery...

5.5 CVSS, 5.9 AI score, 0.00022 EPSS
Exploits: 1, References: 3

OSV
added 2026/03/27 3:16 p.m., 0 views

UBUNTU-CVE-2026-33205

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitra...

5.5 CVSS, 5.9 AI score, 0.00022 EPSS
Exploits: 1, References: 3

CVE
added 2026/03/27 1:53 p.m., 4 views

CVE-2026-33206

CVE-2026-33206 affects Calibre prior to 9.6.0. The vulnerability consists of a path traversal in Calibre’s handling of images in Markdown and similar text-based files, allowing an attacker to include arbitrary filesystem files into the converted book. Additionally, the background-image endpoint i...

8.2 CVSS, 5.9 AI score, 0.0002 EPSS
Exploits: 1, References: 1, Affected Software: 1

EUVD
added 2026/03/27 1:52 p.m., 3 views

EUVD-2026-16610

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitra...

4.8 CVSS, 6 AI score, 0.00022 EPSS
Exploits: 1, References: 1

ATTACKERKB
added 2026/03/27 1:52 p.m., 1 view

CVE-2026-33205

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitra...

4.8 CVSS, 6 AI score, 0.00022 EPSS
Exploits: 1, References: 2, Affected Software: 1

Debian CVE
added 2026/03/27 1:52 p.m., 3 views

CVE-2026-33205

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitra...

5.5 CVSS, 5.5 AI score, 0.00022 EPSS
Exploits: 1

Vulnrichment
added 2026/03/27 1:52 p.m., 0 views

CVE-2026-33205 calibre has Server-Side Request Forgery in ebook viewer backend

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitra...

4.8 CVSS, 6 AI score, 0.00022 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2026/03/27 12:0 a.m., 0 views

PT-2026-28473

Name of the Vulnerable Software and Affected Versions: calibre versions prior to 9.6.0. Description: A Server-Side Request Forgery (SSRF) issue in the 'background-image' endpoint of the web view allows an attacker to perform blind GET requests to arbitrary URLs. This can lead to the exfiltration of...

8.2 CVSS, 5.9 AI score, 0.0007 EPSS
Exploits: 6, References: 20

NVD
added 2026/02/10 9:15 p.m., 4 views

CVE-2025-12699

The ZOLL ePCR iOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return loca...

6.7 CVSS, 0.00005 EPSS
Exploits: 0, References: 3

CNVD
added 2026/01/09 12:0 a.m., 2 views

Google Chrome Insufficient Policy Enforcement Vulnerability

Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from an Insufficient Policy Enforcement vulnerability, which stems from a failure to strictly enforce established security policy constraints when handling WebView tags, resulting in some high-privilege pages not being...

8.8 CVSS, 6 AI score, 0.00017 EPSS
Exploits: 2, References: 1

CNVD
added 2025/12/03 12:0 a.m., 1 view

Socomec DIRIS Digiware M-70 Plaintext Transfer Vulnerability

The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. The Socomec DIRIS Digiware M-70 suffers from a plaintext transmission vulnerability that...

7.5 CVSS, 6.3 AI score, 0.00055 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2025/12/01 12:0 a.m., 2 views

PT-2025-48470

Name of the Vulnerable Software and Affected Versions: Socomec DIRIS Digiware M-70 version 1.6.9. Description: A cleartext transmission issue exists in the WEBVIEW-M functionality. A crafted HTTP request can result in sensitive information being disclosed. An attacker can capture network traffic to...

5.9 CVSS, 6.3 AI score, 0.00055 EPSS
Exploits: 0, References: 5

EUVD
added 2025/11/13 3:23 a.m., 1 view

EUVD-2025-178789

Malicious code in gamma-old-visualize-web-view npm...

6.6 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 3 views

Malicious code in gamma-old-visualize-web-view (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c85b8c83f11198dd37909d77ea949f07b7f4f84ed769cfb14f898b385924bd0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0