Anritsu ShockLine: Competition condition issue vulnerability

Anritsu ShockLine is a series of vector network analyzers produced by Anritsu Corporation in Japan. Anritsu ShockLine has a vulnerability related to race conditions, which arises due to insufficient locking during object operations involving SCPI components. This vulnerability may lead to race...

com.almis.awe:awe-annotation (>=4.10.11 <=4.11.2), com.almis.awe:awe-annotations-spring-boot-starter (>=4.10.11 <=4.11.2) +107 more potentially affected by CVE-2025-22234 via org.springframework.security:spring-security-core (=6.3.8)

org.springframework.security:spring-security-core MAVEN version =6.3.8 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-core and may be impacted: - com.almis.awe:awe-annotation =4.10.11, =4.10.11, =4.10.11,...

EUVD-2026-4190

Malicious code in @mailpoet/components npm...

MAL-2026-455 Malicious code in @mailpoet/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ec1e0266ccd0888d11f208447e31b521c1d6a2d7e622b0b78d7572b5f6e8b3e The package @mailpoet/components was found to contain malicious code. Source: ghsa-malware...

Malicious code in @mailpoet/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ec1e0266ccd0888d11f208447e31b521c1d6a2d7e622b0b78d7572b5f6e8b3e The package @mailpoet/components was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview @mailpoet/components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security...

[SECURITY] Fedora 43 Update: mariadb11.8-11.8.5-1.fc43

MariaDB is a community developed fork from MySQL - a multi-user, multi-thread ed SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs...

Autodesk Fusion security vulnerabilities

Autodesk Fusion is a data management software platform developed by Autodesk, Inc. in the United States. There is a security vulnerability in Autodesk Fusion, which stems from the malicious HTML payload stored in component properties. This vulnerability may lead to storage-side cross-site scripti...

CVE-2025-68135 EVerest's inadequate exception handling leads to denial of service

EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the TbdController loop, leading to its caller and itself to silently terminates. Thus, this leads to a denial of service as it is responsible of SDP and ISO15118-20 servers...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

Malicious Package

Overview oce-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-420 Malicious code in oce-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a3bb1f0bc8596c323c58dd811956c6002337f6f9f660adb266b7b722880705d The package oce-components was found to contain malicious code. Source: ghsa-malware 01822c3aed2c0b5e7611959aab8ed47c7722edbc8cef5b339dd6413805eecdda...

EUVD-2026-3734

Malicious code in oce-components npm...

RHEL 9 : thunderbird (RHSA-2026:0924)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0924 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Spoofing issue in the Downloads Panel component...

MiracleLinux 8 : mysql:8.0 (AXSA:2024-7561:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7561:01 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2023 CVE-2023-21911 mysql: Server: DDL unspecified vulnerability CPU Apr 2023 CVE-2023-21919,...

Rockwell Automation Verve Asset Manager security vulnerability

Rockwell Automation Verve Asset Manager is a supplier-neutral OT endpoint management platform provided by Rockwell Automation. There is a security vulnerability in Rockwell Automation Verve Asset Manager, which stems from ADI server components storing plaintext keys in environmental variables...

MiracleLinux 9 : mingw components (AXSA:2024-7928:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7928:01 advisory. binutils: Heap-buffer-overflow binutils-gdb/bfd/libbfd.c in bfdgetl64 CVE-2023-1579 Tenable has extracted the preceding description block directly from the...

Oracle Critical Patch Update Advisory - January 2026

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

MiracleLinux 8 : dotnet8.0-8.0.110-1.el8_10.ML.1 (AXSA:2024-8896:17)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8896:17 advisory. dotnet: kestrel: closing an HTTP/3 stream can cause a race condition and lead to remote code execution CVE-2024-38229 dotnet: Multiple .NET componen...