CVE-2026-6936

CVE-2026-6936 affects IBM i versions 7.3–7.6 (5770-999). The vulnerability is due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler, enabling an authenticated attacker to cause a denial-of-service by compiling specially crafted source code. CVSS v3.1 base score is 6....

CVE-2026-6936 IBM i is Affected by a Denial of Service Vulnerability []

IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment ILE compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of...

Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`

Summary A Server-Side Code Injection vulnerability exists in the Yamcs algorithm evaluation engine org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory. The application dynamically compiles and evaluates user-controlled algorithm text without enforcing a secure sandbox. An authenticated user wi...

IBM i 安全漏洞

IBM i is an operating system developed by the American International Business Machines IBM company, which runs on IBM Power Systems and IBM PureSystems. Versions 7.6, 7.5, 7.4, and 7.3 of IBM i have security vulnerabilities. These vulnerabilities stem from uncontrolled recursion in the Integrated...

Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2026-118 (ALASDOCKER-2026-118)

The version of soci-snapshotter installed on the remote host is prior to 0.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-118 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go...

CVE-2026-44728

CVE-2026-44728 affects Babel, a JavaScript compiler. Vulnerability occurs when compiling code that is specifically crafted by an attacker, enabling output code to execute arbitrary code. Affects Babel versions 7.12.0 through before 7.29.4 and 8.0.0-alpha.13. Root cause is the generation of advers...

Important: amazon-cloudwatch-agent

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

Medium: soci-snapshotter

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

Babel 安全漏洞

Babel is a JavaScript compiler developed by Babel OpenSource. Versions of Babel from 7.12.0 to 7.29.4, as well as 8.0.0-alpha.13, have security vulnerabilities. These vulnerabilities stem from the possibility of generating outputs that can execute arbitrary code during the compilation of speciall...

MAL-2026-4707 Malicious code in vue-compiler-sfc-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c320320435358c109567ef3776ced079a2196b831b583b66c87323ddf402bae9 Package name and README impersonate the official @vue/compiler-sfc package; index.js merely re-exports it. The npm postinstall hook runs...

Malicious code in vue-compiler-sfc-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c320320435358c109567ef3776ced079a2196b831b583b66c87323ddf402bae9 Package name and README impersonate the official @vue/compiler-sfc package; index.js merely re-exports it. The npm postinstall hook runs...

Database-Exploitation-Manual

🛡️ SecDB Auditor - Database Security Compiling Suite & Manual...

gcc-toolset-13-gcc bug fix and enhancement update

An update is available for gcc-toolset-13-gcc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gcc-toolset-13-gcc13 package contains the GNU Compiler...

CLSA-2026-1779361233 java-1.8.0-openjdk: Fix of 7 CVEs

Update to shenandoah-jdk8u492-b09 - Security fixes from OpenJDK 8u492-b09: - CVE-2026-22007: enhance crypto algorithm support - CVE-2026-22013: improve Kerberos credentialing - CVE-2026-22016: enhance Path Factories Redux - CVE-2026-22018: enhance Zip file reading - CVE-2026-22021: enhance...

Astra Linux - уязвимость в ruby2.5

A issue was discovered in Ruby 3.x through 3.3.0. If data supplied by an attacker is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3....

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Security issue: Restrict CONFIGZEROCALLUSEDREGS to gcc or clang version 15.0.6. A bug in clang’s implementation of -fzero-call-used-regs can lead to NULL pointer dereferencing see the links above the check for more information...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: s390: Avoid using a global register for the currentstackpointer The commit 30de14b1884b “s390: The currentstackpointer should not be a function” changed the currentstackpointer to a global register variable, as is common on many...

Amazon Linux 2023 : ecs-init (ALAS2023-2026-1637)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1637 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2026-1660)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1660 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1645)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1645 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...