8324 matches found
CVE-2026-25235
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...
CVE-2026-25234
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...
EUVD-2026-5202
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...
Exploit for Deserialization of Untrusted Data in Facebook React
RSC Sentinel CVE-2025-55182 Next.js / React Server Components...
Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Multiple Spring Framework Vulnerabilities (CVE-2016-1000027,CVE-2024-22243,CVE-2024-22259,CVE-2024-38809,CVE-2024-22262,CVE-2024-38820,CVE-2024-38828)
Summary: Spring MVC controller vulnerable to potential remote code execution (RCE), DoS attack and DataBinder Case Sensitive Match Exception. Applications that use UriComponentsBuilder to parse an externally provided URL may be vulnerable to an open redirect...
Malicious code in vite-ui-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dde7d42b0bc5236d827ba62c883fbf14b643e368ef8a4b0f7b5430a35183254 The package vite-ui-components was found to contain malicious code. Source: ghsa-malware...
MAL-2026-669 Malicious code in vite-ui-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dde7d42b0bc5236d827ba62c883fbf14b643e368ef8a4b0f7b5430a35183254 The package vite-ui-components was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview vite-ui-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
ROS-20260203-73-0015
A vulnerability in the microchip components of the Linux operating system kernel involves improper memory freeing before the last link is deleted. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2026-25059 OpenList affected by Path Traversal in file copy and remove handlers
OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains a path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using stdpath.Join. Thi...
@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +6 more potentially affected by CVE-2026-24737 via jspdf (=4.0.0)
jspdf NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on jspdf and may be impacted: - @armco/armory-react-components =0.0.23, =0.1.2, =1.0.8, =1.4.0, =0.5.129, =4.4.0, =4.4.1 - svgedit =7.4.1 Source cves: CVE-2026-24737 Source advisory:...
@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +6 more potentially affected by CVE-2026-24043 via jspdf (=4.0.0)
jspdf NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on jspdf and may be impacted: - @armco/armory-react-components =0.0.23, =0.1.2, =1.0.8, =1.4.0, =0.5.129, =4.4.0, =4.4.1 - svgedit =7.4.1 Source cves: CVE-2026-24043 Source advisory:...
USN-7997-1 openjdk-17-crac vulnerabilities
It was discovered that the RMI component of CRaC JDK 17 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. CVE-2026-21925 Mingijung...
USN-7996-1: CRaC JDK 25 vulnerabilities
It was discovered that the RMI component of CRaC JDK 25 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. CVE-2026-21925 Mingijung...
CVE-2026-1232 Anti-Tamper Bypass in BeyondTrust Privilege Management for Windows
A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions =25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections, which could allow access to protected...
Denial-of-Service (DoS)
React Server Components packages are vulnerable to Denial-of-Service (DoS). The vulnerability is due to insufficient validation and resource handling in Server Function request processing, where specially crafted HTTP requests to server function endpoints can trigger excessive CPU usage, memory...
RHSA-2026:1620 Red Hat Security Advisory: python3 security update
Bulletin has no description...
BeyondTrust Privilege Management Security Vulnerability
BeyondTrust Privilege Management is a permissions management tool provided by BeyondTrust Corporation for Windows and Mac SaaS environments. Versions of BeyondTrust Privilege Management prior to 25.7 contained a security vulnerability that could allow bypassing tamper-proof protection in Windows,...
Huawei EulerOS: Security Advisory for icu (EulerOS-SA-2026-1121)
The remote host is missing an update for the Huawei EulerOS...
ROS-20260202-73-0052
A vulnerability in the igc components of the Linux operating system kernel is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...