Messages by Thread

- [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272
  Christian Brabandt
- [oss-security] CVE-2026-4176: Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
  Stig Palmquist
- [oss-security] [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability
  cyber security
- [oss-security] CVE-2025-15604: Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions
  Robert Rothenberg
- [oss-security] CVE-2026-3256: HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids
  Robert Rothenberg
- [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2026-0002
  Adrian Perez de Castro
- [oss-security] CVE-2026-1961: Foreman: Remote Code Execution via command injection in WebSocket proxy
  Ondrej Gajdusek
- [oss-security] Dovecot Security Advisory OXDC-2026-0001
  Aki Tuomi
- [oss-security] TigerVNC 1.16.2 security release
  Alan Coopersmith
- [oss-security] CVE-2026-4851: remote-to-local code execution in GRID::Machine
  piedcrow
- [oss-security] 7 CVEs fixed in nginx
  Solar Designer
- [oss-security] CVE-2014-125112: Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution
  Timothy Legge
- [oss-security] libpng 1.6.56: Two high-severity vulnerabilities fixed: CVE-2026-33416, CVE-2026-33636
  Cosmin Truta
- [oss-security] ISC has disclosed four vulnerabilities in BIND 9 (CVE-2026-1519, CVE-2026-3104, CVE-2026-3119, CVE-2026-3591)
  Nicki Křížek
- [oss-security] ISC has disclosed one vulnerability in Kea (CVE-2026-3608)
  Peter Davies
- [oss-security] backdoor in litellm version 1.82.7
  Jan Schaumann
- [oss-security] [ADVISORY] SQUID-2026:3 Out of Bounds Read in ICP message handling (CVE-2026-33515)
  Amos Jeffries
- [oss-security] [ADVISORY] SQUID-2026:2 Denial of Service in ICP Request handling (CVE-2026-32748)
  Amos Jeffries
- [oss-security] [ADVISORY] SQUID-2026:1 Denial of Service in ICP Request handling (CVE-2026-33526)
  Amos Jeffries
- [oss-security] NodeJS Security Releases fixes High, 5 Medium, 2 Low severity issues
  Jan Schaumann
- [oss-security] Xen Security Advisory 482 v3 (CVE-2026-31788) - Linux privcmd driver can circumvent kernel lockdown
  Xen.org security team
- [oss-security] Xen Security Advisory 482 v2 - Linux privcmd driver can circumvent kernel lockdown
  Xen.org security team
- [oss-security] The GNU C Library security advisories update for 2026-03-23
  Carlos O'Donell
- [oss-security] CVE-2026-33150, CVE-2026-33179: libfuse io_uring memory safety vulnerabilities (use-after-free, NULL deref)
  Abhinav Agarwal
- [oss-security] Trivy github actions repo compromised, infostealer added
  Alan Coopersmith
- [oss-security] pyOpenSSL 26.0.0 released with two CVE fixes
  Alan Coopersmith
- [oss-security] [CVE-2026-30922] Denial of Service in pyasn1 via Unbounded Recursion
  Alan Coopersmith
- [oss-security] nghttp2 Denial of service: Assertion failure due to the missing state validation
  Alan Coopersmith
- [oss-security] CVE-2026-32642: Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission
  Justin Bertram
- [oss-security] Fwd: [CPython][CVE-2026-4519] webbrowser.open() API allows leading dashes
  Alan Coopersmith
- [oss-security] [vim-security]: Command injection via newline in glob() affects Vim < 9.2.0202
  Christian Brabandt
- [oss-security] [kubernetes] CVE-2026-4342: ingress-nginx comment-based nginx configuration injection
  Tabitha Sable
- [oss-security] Off-by-one heap buffer overflow in libuv
  Ali Raza
- [oss-security] [OSSA-2026-004] Glance: Server-Side Request Forgery (SSRF) vulnerabilities in OpenStack Glance image import functionality (CVE-2026-pending)
  Brian Rosmaita
- [oss-security] CVE-2006-10003: XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack
  Timothy Legge
- [oss-security] CVE-2006-10002: XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes
  Timothy Legge
- [oss-security] CVE-2026-31973: samtools <= 1.23 NULL pointer dereference in cram-size
  Robert Davies
- [oss-security] CVE-2026-31972: samtools <= 1.21 Use-after-free in mpileup leading to an invalid read
  Robert Davies
- [oss-security] HTSlib <= 1.23 Multiple vulnerabilities in the CRAM file reader
  Robert Davies
- [oss-security] CVE-2026-31970: HTSlib <= 1.23 heap buffer overflow in the BGZF index file reader
  Robert Davies
- [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2026-0001
  Adrian Perez de Castro
- [oss-security] [SBA-ADV-20251205-01] LibreChat 0.8.1-rc2 RAG API Authentication Bypass
  SBA Research Security Advisory
- [oss-security] libexpat 2.7.5 fixes three vulnerabilities (2x null deref, 1x infinite loop)
  Sebastian Pipping
- [oss-security] snap-confine + systemd-tmpfiles = root (CVE-2026-3888)
  Qualys Security Advisory
- [oss-security] Xen Security Advisory 481 v2 (CVE-2026-23555) - Xenstored DoS by unprivileged domain
  Xen.org security team
- [oss-security] Xen Security Advisory 480 v3 (CVE-2026-23554) - Use after free of paging structures in EPT
  Xen.org security team
- [oss-security] CVE-2026-28563: Apache Airflow: DAG authorization bypass
  Rahul Vats
- [oss-security] CVE-2026-26929: Apache Airflow: Wildcard DagVersion Listing Bypasses Per-DAG RBAC and Leaks Metadata
  Rahul Vats
- [oss-security] CVE-2026-28779: Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications
  Rahul Vats
- [oss-security] CVE-2026-30911: Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization
  Rahul Vats
- [oss-security] [kubernetes] CVE-2026-3864: CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server
  Rita Zhang
- [oss-security] CVE-2026-4177: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter
  Timothy Legge
- [oss-security] [CVE-2026-3644] CPython Incomplete control character validation in http.cookies
  Alan Coopersmith
- [oss-security] [CVE-2026-4224] CPython Stack overflow parsing XML with deeply nested DTD content models
  Alan Coopersmith
- [oss-security] 10+ CVEs in GStreamer
  Solar Designer
- [oss-security] Foswiki 2.1.11 is released, fixes CVE-2026-2861
  Michael Daum
- Re: [oss-security] OpenSSH GSSAPI keyex patch issue
  Solar Designer
- [oss-security] CVE-2025-54920: Apache Spark: Spark History Server Code Execution Vulnerability
  Holden Karau
- [oss-security] Some telnet clients leak environment variables
  Justin Swartz
- [oss-security] Multiple vulnerabilities in AppArmor
  Qualys Security Advisory
- [oss-security] Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd (LINEMODE SLC)
  Justin Swartz
- [oss-security] CVE-2025-60012: Apache Livy: Restrict file access
  György Gál
- [oss-security] CVE-2025-66249: Apache Livy: Unauthorized directory access
  György Gál
- [oss-security] [vim-security] NFA regex engine NULL pointer dereference affects Vim < 9.2.0137
  Christian Brabandt
- [oss-security] The GNU C Library security advisory update for 2026-03-11
  Siddhesh Poyarekar
- [oss-security] [ADVISORY] curl: CVE-2026-3805: use after free in SMB connection reuse
  Daniel Stenberg
- [oss-security] [ADVISORY] curl: CVE-2026-3784: wrong proxy connection reuse with credentials
  Daniel Stenberg
- [oss-security] [ADVISORY] curl: CVE-2026-3783: token leak with redirect and netrc
  Daniel Stenberg
- [oss-security] [ADVISORY] curl: CVE-2026-1965: bad reuse of HTTP Negotiate connection
  Daniel Stenberg
- [oss-security] CVE-2026-23907: Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code
  Tilman Hausherr
- [oss-security] [kubernetes] CVE-2026-3288: ingress-nginx rewrite-target nginx configuration injection
  Tabitha Sable
- [oss-security] CVE-2026-28431+more: Misskey/Sharkey "extremely severe" vulnerabilities
  Valtteri Vuorikoski
- [oss-security] CVE-2026-25604: Apache Airflow AWS Auth Manager - Host Header Injection Leading to SAML Authentication Bypass
  Jarek Potiuk
- [oss-security] CVE-2026-24015: Apache IoTDB: Insecure Default Configuration Vulnerability
  Haonan Hou
- [oss-security] CVE-2026-24713: Apache IoTDB: JEXL Expression Injection Vulnerability
  Haonan Hou
- [oss-security] CVE-2025-64152: Apache IoTDB: Path Traversal Vulnerability
  Haonan Hou
- [oss-security] CVE-2025-55017: Apache IoTDB: Path Traversal Vulnerability
  Haonan Hou
- [oss-security] CVE-2025-69219: Apache Airflow Providers Http: Unsafe Pickle Deserialization in apache-airflow-providers-http leading to RCE via HttpOperator
  Jarek Potiuk
- [oss-security] AWStats awdownloadcsv.pl command injection and path traversal vulnerabilities
  christopher.downs
- [oss-security] CVE-2026-30910: Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows
  Timothy Legge
- [oss-security] CVE-2026-30909: Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows
  Timothy Legge
- [oss-security] CVE-2026-24308: Apache ZooKeeper: Sensitive information disclosure in client configuration handling
  Andor Molnar
- [oss-security] CVE-2026-24281: Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager
  Andor Molnar
- [oss-security] CVE-2025-69534 in Python-Markdown
  Alan Coopersmith
- [oss-security] Go 1.26.1 and Go 1.25.8 are released with 5 CVE fixes
  Alan Coopersmith
- [oss-security] CVE-2025-13350 for Ubuntu Linux kernel
  Seth Arnold
- [oss-security] Fwd: [CVE-2026-2297] SourcelessFileLoader does not use io.open_code()
  Alan Coopersmith
- [oss-security] CVE-2026-3381: Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib
  Robert Rothenberg
- [oss-security] CVE-2026-3257: UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library
  Robert Rothenberg
- [oss-security] CVE-2025-40931: Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id
  Robert Rothenberg
- [oss-security] CVE-2025-40926: Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids insecurely
  Robert Rothenberg
- [oss-security] CVE-2024-57854: Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator
  Robert Rothenberg
- [oss-security] Announcing FreeType 2.14.2, fixes CVE-2026-23865
  Alan Coopersmith
- [oss-security] Issue with AWS-LC: an open-source, general-purpose cryptographic library (CVE-2026-3336, CVE-2026-3337, CVE-2026-3338)
  Jan Schaumann
- [oss-security] [OSSA-2026-003] OpenStack Vitrage: Remote code execution through Vitrage query parser (CVE-2026-28370)
  Jeremy Stanley
- [oss-security] CVE-2025-66168: Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated
  Christopher L. Shannon
- [oss-security] CVE-2026-27446: Apache Artemis, Apache ActiveMQ Artemis: Auth bypass for Core downstream federation
  Justin Bertram
- [oss-security] Django CVE-2026-25673 and CVE-2026-25674
  Natalia Bidart
- [oss-security] Fwd: [siren] [Security Advisory] Active Exploitation of Weak GitHub Actions Configurations
  Solar Designer
- [oss-security] CVE-2025-59059: Apache Ranger: Remote Code Execution Vulnerability in NashornScriptEngineCreator
  Velmurugan Periasamy
- [oss-security] CVE-2025-59060: Apache Ranger: Hostname verification bypass in NiFiRegistryClient and NifiClient
  Velmurugan Periasamy
- [oss-security] Exiv2 version 0.28.8 released with fixes for 3 low-severity CVEs
  Kevin Backhouse
- [oss-security] Fwd: CVE-2018-25160: HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend
  Robert Rothenberg
- [oss-security] CVE-2026-3255: HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand() function
  Robert Rothenberg
- [oss-security] [vim-security] Stack-buffer-overflow in build_stl_str_hl() affects Vim < 9.2.0078
  Christian Brabandt
- [oss-security] [vim-security] Multiple Vulnerabilities in Swap File Recovery affect Vim < 9.2.0077
  Christian Brabandt
- [oss-security] [vim-security] Heap-based Buffer Overflow and OOB Read in :terminal affects Vim < 9.2.0076
  Christian Brabandt
- [oss-security] [vim-security] Heap-based Buffer Underflow in Emacs tags parsing affects Vim < 9.2.0075
  Christian Brabandt
- [oss-security] [vim-security] Heap-based Buffer Overflow in Emacs tags parsing affects Vim < 9.2.0074
  Christian Brabandt
- [oss-security] [vim-security] OS Command Injection in netrw affects Vim < 9.2.0073
  Christian Brabandt
- [oss-security] OSEC-2026-01 in the OCaml runtime: Buffer Over-Read in OCaml Marshal Deserialization
  Alan Coopersmith
- [oss-security] CVE-2026-27900 - Sensitive Information Exposure in Debug Logs of Terraform Provider for Linode
  Liang, Zhiwei
- [oss-security] Unsound Workshop at ECOOP 2026
  Jan Bessai
- [oss-security] CVE-2026-23984: Apache Superset: SQLLab Read-Only Bypass on PostgreSQL
  Daniel Gaspar
- [oss-security] CVE-2026-23983: Apache Superset: Sensitive Data Exposure via REST API (disabled by default)
  Daniel Gaspar
- [oss-security] CVE-2026-23982: Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass
  Daniel Gaspar
- [oss-security] CVE-2026-23980: Apache Superset: Improper Neutralization of Special Elements used in a SQL Command
  Daniel Gaspar
- [oss-security] CVE-2026-23969: Apache Superset: Exposure of Sensitive Information via Incomplete ClickHouse Function Filtering
  Daniel Gaspar
- [oss-security] Re: Telnetd Vulnerability Report
  Justin Swartz