MAL-2026-5141 Malicious code in @redhat-cloud-services/host-inventory-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

MAL-2026-5147 Malicious code in @redhat-cloud-services/tsc-transform-imports (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

MAL-2026-5133 Malicious code in @redhat-cloud-services/compliance-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

Malicious code in @redhat-cloud-services/frontend-components-advisor-components (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

PT-2026-45467

Name of the Vulnerable Software and Affected Versions CloudPirates Open Source Helm Charts versions prior to commit fcf9302 Description A GitHub Actions workflow in the pull-request.yaml file executes attacker-controlled code from fork pull requests within a privileged context. This allows for th...

MAL-2026-5137 Malicious code in @redhat-cloud-services/frontend-components-translations (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

MAL-2026-5135 Malicious code in @redhat-cloud-services/frontend-components-advisor-components (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

SUSE SLES15 Security Update : docker-stable (SUSE-SU-2026:2120-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2120-1 advisory. This update for docker-stable fixes the following issues - CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft...

CVE-2026-48116

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separato...

Exploit for CVE-2025-9074

CVE-2025-9074: Docker Engine API Unauthenticated RCE Seve...

[SECURITY] Fedora 43 Update: docker-compose-5.1.4-1.fc43

Define and run multi-container applications with Docker...

[SECURITY] Fedora 44 Update: docker-compose-5.1.4-1.fc44

Define and run multi-container applications with Docker...

CVE-2026-46597 affecting package docker-compose for versions less than 2.27.0-11

CVE-2026-46597 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...

CVE-2026-27136 affecting package docker-compose for versions less than 2.27.0-11

CVE-2026-27136 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...

CVE-2026-42506 affecting package docker-compose for versions less than 2.27.0-11

CVE-2026-42506 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...

CVE-2026-27136 affecting package docker-buildx for versions less than 0.14.0-13

CVE-2026-27136 affecting package docker-buildx for versions less than 0.14.0-13. A patched version of the package is available...

CVE-2026-39832 affecting package docker-compose for versions less than 2.27.0-11

CVE-2026-39832 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...

CVE-2026-39829 affecting package docker-buildx for versions less than 0.14.0-13

CVE-2026-39829 affecting package docker-buildx for versions less than 0.14.0-13. A patched version of the package is available...

CVE-2026-39829 affecting package docker-compose for versions less than 2.27.0-11

CVE-2026-39829 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...

CVE-2026-42506 affecting package docker-buildx for versions less than 0.14.0-13

CVE-2026-42506 affecting package docker-buildx for versions less than 0.14.0-13. A patched version of the package is available...