RHSA-2026:27355 Red Hat Security Advisory: kernel security update
Bulletin has no description...
RHSA-2026:27353 Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2026:27354 Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2026:27288 Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Bulletin has no description...
DEBIAN-CVE-2026-49342
YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...
DEBIAN-CVE-2026-49346
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...
DEBIAN-CVE-2026-49337
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...
DEBIAN-CVE-2026-49295
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...
DEBIAN-CVE-2026-9265
Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...
ECHO-C281-5876-5F69
Bulletin has no description...
ECHO-4013-F50E-8DFC
Bulletin has no description...
ECHO-5509-692B-AA69
Bulletin has no description...
ECHO-2E12-E6DA-9A4B
Bulletin has no description...
ECHO-77C2-91A0-4936
Bulletin has no description...
MAL-2026-6236 Malicious code in query-profile (PyPI)
Source: kam193 (9a60c7fce9ec29fa327128c80bca74a51b9f1965c50c6dc9286016fa31001bf1). Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
DEBIAN-CVE-2026-9375
urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...
ECHO-16DD-65E4-250C
Bulletin has no description...
MAL-2026-6234 Malicious code in yian666aikf (npm)
Source: amazon-inspector (f96776bdaabacae768376d5c1ff3543f77d94b41298d3d01365032817c3cd53e). [email protected] advertises itself as a lightweight string-manipulation utility library, but its only on-install effect is to launch a reverse shell...
MAL-2026-6235 Malicious code in yianzzkf6687 (npm)
Source: amazon-inspector (a59a0aee58573b3030b9d541980fa9d7df8ea55d4e6cc5b3bb349452b908d0e9). On npm install, the postinstall hook scripts/postinstall.js detach-spawns scripts/shell.js with detached: true, stdio: 'ignore', windowsHide: true an...
MAL-2026-6233 Malicious code in fluent-dashboard-panel-metrics (PyPI)
Source: amazon-inspector (9e745c609fb43daaa93911ae2edcb05b1ffd3cec1c6ec55c321597e9e39eb153). fluentpanelmetrics/init.py defines an undocumented function bootstrapruntimeprofile and invokes it unconditionally at module top level. The function...
CGA-6J77-9G4P-7R55
Bulletin has no description...
CGA-JQHJ-9577-3G66
Bulletin has no description...
MAL-2026-6231 Malicious code in improvado-layout-panel-metrics (PyPI)
Source: amazon-inspector (61cc6b0b5d5efe4675f4159e8bc8f6380970614c1dc36b553207fa73fa66104e). The package's top-level fluentpanelmetrics/init.py defines bootstrapruntimeprofile and unconditionally invokes it at import. The function opens a TCP...
GHSA-869J-R97X-HX2G Anki's local HTTP server does not sufficiently validate requests
Summary Anki launches a local HTTP server to serve media files and web pages for parts of its interface. The server fails to validate requests in the following ways: 1. No sufficient validation of the Origin header. 2. Some endpoints are vulnerable to path traversal attacks. This allows malicious...
GHSA-JV2J-MQMW-XVV5 SurrealDB: Denial of Service via deep operator chains
An authenticated user could crash a SurrealDB server with a single query containing a long chain of operators. Such a query — for example RETURN 1 + 1 + 1 + ... with tens of thousands of terms — is parsed into an expression tree one level deep per operator. Because the chain is flat and the pratt...
GHSA-HV6H-HC26-Q48P SurrealDB: Field-level SELECT permissions bypassed via graph and reference traversals
A record user could read field values hidden from them by field-level SELECT permissions by reaching the records through a graph-edge - or back-reference SELECT FROM knows, person:bobknows-SELECT FROM person — returned it intact. The root cause: the shared resolverecordbatch helper used by...
GHSA-H4H3-3RFJ-X6FQ SurrealDB: Indexed ORDER BY leaks the value ordering of a SELECT-restricted field
A field can be hidden from a user with a field-level SELECT permission DEFINE FIELD code ON secret PERMISSIONS FOR select WHERE owner = $auth.id. When that field is indexed, a record user who cannot read it could still recover the relative ordering of its values across every record by issuing ORD...
GHSA-CC8F-FCX3-GPJR SurrealDB: Arbitrary file read via DEFINE ANALYZER mapper() filter
SurrealDB's full-text search lets you define a text analyzer whose mapper filter loads a term-mapping file from disk DEFINE ANALYZER ... FILTERS mapper''. A database user with the EDITOR or OWNER role could point that filter at any file the SurrealDB process can read and have its content returned...
GHSA-H5RG-8P7F-47G2 SurrealDB: SSRF via JWKS URL — Redirect Following in JWT Key Fetch
SurrealDB fetches the JWKS document for a JWT or record access method using a bare reqwest client that follows HTTP redirects by default. The network capability check in core/src/iam/jwks.rs checkcapabilitiesurl is applied only to the originally configured URL; redirect targets are not...
GHSA-4XGF-CPJX-PC3J pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size
Summary NestedSecretsSettingsSource reads secret values from files in a configured secrets_dir. When secretsnestedsubdir=True, a directory entry inside secrets_dir that is a symbolic link pointing outside secrets_dir is followed, so files outside the configured directory are read into settings value...
GHSA-G2GW-Q38M-VJFC Lokka: Azure Resource Manager URL path validation issue
Lokka versions prior to 2.1.2 constructed Azure Resource Manager request URLs using direct string concatenation with user-controlled path input. Specially crafted path values could alter URL authority parsing and cause Azure Resource Manager bearer tokens to be sent to an unintended host. Version...
GHSA-H5X8-XP6M-X6Q4 @jhb.software/payload-cloudinary-plugin: Arbitrary Cloudinary API Parameter Signing
Arbitrary Cloudinary API Parameter Signing in @jhb.software/payload-cloudinary-plugin Summary @jhb.software/payload-cloudinary-plugin v0.3.4 exposes a server-side signing endpoint POST /api/cloudinary-generate-signature that passes attacker-supplied paramsToSign directly to...
GHSA-F4XH-W4CJ-QXQ8 LangSmith SDK TracingMiddleware: Arbitrary server-side file read
Summary An attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to LangSmith as a trace attachment. Depending on how the distributed trace system is deploye...
GHSA-C3XH-98XP-6QHF githubtoplanguages: Command Injection via Issue Title in Discord Notification Workflow
Summary A GitHub Actions workflow is vulnerable to command injection through the issue title. The workflow is triggered when an issue is opened or closed, and it directly inserts github.event.issue.title into a Bash variable assignment. If an issue title contains command substitution syntax, Bash...
GHSA-MH64-PH39-MRC9 Cloudflare Quiche: Use-after-free in connection ID iterator FFI functions
Impact Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The quicheconnectioniditernext and quicheconnretiredscidnext functions would return a pointer to a ConnectionId to the applications via function arguments, but the owned...
GHSA-4CC2-G9W2-FHF6 Zeep: Server-Side Request Forgery (SSRF)
Summary When parsing a WSDL or XSD document, python-zeep follows transitive references — xsd:import, xsd:include, wsdl:import, and lxml entity/DTD resolution — and will fetch http/https URLs found in those references. The Settings.forbidexternal option, intended to disable this transitive remote...
GHSA-CW6H-FFMH-X6VH Anki: User scripts in iframes have access to the internal Anki API
Summary Anki's webview-based pages communicate with the Rust backend using an internal localhost API. Anki implements measures to prevent user scripts run in the reviewer/editor from accessing this API https://github.com/ankitects/anki/pull/3925 but it inadvertently allows access to scripts...
GHSA-WVRH-2F4M-924V ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer
Summary ChatterBot's UbuntuCorpusTrainer.extract uses a predictable, home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern if not os.path.exists: os.makedirs followed by tar.extractallpath=self.datapath. A local attacker who pre-plants a symlink at the predictabl...
DEBIAN-CVE-2026-12706
A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decodemove function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling. An attacker could exploit this by...
GHSA-H3M5-97JQ-QJRF OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete)
Summary OpenRemote Manager is vulnerable to a cross-tenant Insecure Direct Object Reference IDOR in the bulk alarm deletion endpoint. An authenticated user in any realm can delete alarms belonging to other realms tenants by supplying arbitrary alarm IDs. The vulnerability exists because the bulk...
GHSA-X975-RGX4-5FH4 appium-mcp: Unescaped Locator Data XSS in MCP-UI Resource (createLocatorGeneratorUI)
Unescaped Locator Data XSS in MCP-UI Resource createLocatorGeneratorUI Summary appium-mcp's createLocatorGeneratorUI function interpolates attacker-controlled element attributes — text, content-desc, resource-id, and locator selector values — directly into an HTML template literal without any HTM...
GHSA-C795-2G9C-J48M EverOS: Path traversal in EverOS /api/v1/memory/add via unvalidated sender_id
EverOS versions 1.0.0 and earlier are vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint. The per-message senderid field was not validated as a path-safe identifier unlike appid / projectid, which already enforced this. During user-memory extraction, senderid is used a...
GHSA-V3F4-W7R7-V3HM Uni-CLI: Legacy HTTP MCP transport accepted browser-originated localhost requests
Impact Uni-CLI versions before 0.225.2 exposed the legacy JSON-RPC-over-HTTP MCP transport on loopback without validating browser Origin headers before routing requests. A malicious web page could send a CORS simple POST request, such as text/plain, to the local /mcp endpoint and deliver a JSON-R...
GHSA-6GQW-JQV7-V88M stigmem-node: decay sweep expires and counts facts across all tenants (cross-tenant BOLA)
Summary On a multi-tenant stigmem node, a caller holding a write credential for one tenant can run a decay sweep that acts on every tenant's facts. The candidate-selection queries in lifecycle/decay.py selectttlcandidates, selectconfidencecandidates carried no tenantid predicate, and the caller's...
GHSA-XHV3-Q4XX-349R stigmem-node: quarantine review surface exposes and mutates other tenants' quarantined facts (cross-tenant BOLA)
Summary On a multi-tenant stigmem node, a tenant administrator could list, read, and admit or reject quarantined facts belonging to other tenants. The list/count queries and getquarantinedfact in routes/quarantine.py lacked an f.tenantid = identity.tenantid predicate, and the garden lookup was no...
GHSA-X26H-XMV8-GXF7 stigmem-node: RTBF tombstones are mis-attributed and suppress reads tenant-blind (cross-tenant BOLA)
Summary On a multi-tenant stigmem node, RTBF right-to-be-forgotten tombstones were mis-scoped two ways. 1 issuetombstone defaulted the tenant to "default" instead of the caller's tenant, so tombstones could be written to the wrong tenant. 2 The read-suppression path — gettombstonefilter...
GHSA-6V7P-G79W-8964 MessagePack for Python: Out-of-bounds read / crash on Unpacker reuse after a caught error
Impact If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. If the Unpacker is used repeatedly to unpack untrusted input from external sources, it may be vulnerable to a DoS attack. Patches v1.2.1 Workarounds Users should create a new Unpacker instead of...
GHSA-6VXV-WG6J-5QWP Gogs: XSS in .ipynb files renderer due to outdated notebookjs
Summary Gogs renders Jupyter notebook files .ipynb using jsvine/notebookjs, but the version is outdated, missing patches for known XSS vulnerabilities. Details Gogs uses version 0.4.2 of notebookjs to render Jupyter notebook files:...
GHSA-97PR-9HGG-3P8R parse-server: LiveQuery discloses object data to a subscriber across an ACL read-access change
Impact A Parse Server LiveQuery subscriber can receive object field values they are not authorized to read when a single save changes both an object field and the subscriber's ACL read access to that object. When such a save removes the subscriber's read access, the resulting leave event still...
GHSA-MRVX-JMJW-VGGC SearXNG MCP Server: DNS-resolved Private Hostname SSRF in `web_url_read`
DNS-resolved Private Hostname SSRF in web_url_read Summary The web_url_read MCP tool in mcp-searxng is vulnerable to Server-Side Request Forgery SSRF via DNS rebinding bypass. The assertUrlAllowed function at src/url-reader.ts:85-93 validates only the syntactic hostname string against a private...