org.sonatype.nexus.api.extdirect:nexus-api-extdirect-common (>=3.81.0-08 <=3.87.2-01), org.sonatype.nexus.api.extdirect:nexus-api-extdirect-selfhosted (>=3.81.0-08 <=3.87.2-01) +49 more potentially affected by CVE-2026-0601 via org.sonatype.nexus:nexus-extdirect (>=3.10.0-04 <=3.87.2-01)

org.sonatype.nexus:nexus-extdirect MAVEN version =3.10.0-04, =3.81.0-08, =3.81.0-08, =3.81.0-08, =3.81.0-08, =3.4.0-02, =3.60.0-02, =3.4.0-02, =3.21.0-01, =3.12.0-01, =3.4.0-02, =3.12.0-01, =3.4.0-02, =3.57.0-01, =3.23.0-01, =3.87.2-01 and more Source cves: CVE-2026-0601https://vulners.com/cve/C...

io.github.hWorblehat:nexus3-external-auth-plugin (=0.1.0), org.sonatype.nexus.api.extdirect:nexus-api-extdirect-common (>=3.81.0-08 <=3.87.2-01) +112 more potentially affected by CVE-2026-0600 via org.sonatype.nexus:nexus-validation (>=3.0.0-b2015061001 <=3.87.2-01)

org.sonatype.nexus:nexus-validation MAVEN version =3.0.0-b2015061001, =3.81.0-08, =3.81.0-08, =3.81.0-08, =3.81.0-08, =3.4.0-02, =3.60.0-02, =3.4.0-02, =3.21.0-01, =3.0.0-03, =3.4.0-02, =0.6.1, =0.10.2, =0.14.0 - org.sonatype.nexus.plugins:nexus-blobstore-restore =3.4.0-02 and more Source cves:...

MiracleLinux 3 : xen-3.0.3-120.2.0.1.AXS3 (AXSA:2011-180:02)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-180:02 advisory. This package contains the Xen tools and management daemons needed to run virtual machines on x86, x8664, and ia64 systems. Information on how to use Xen can b...

CVE-2026-20972

Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB...

CVE-2026-21219

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally...

Eptura Archibus 安全漏洞

Eptura Archibus is an all-in-one workspace management system platform from Eptura Corporation, USA. A security vulnerability exists in Eptura Archibus version 2024.03.01.109, which stems from a directory traversal in the Run script and Server File components of the Database Update Wizard...

Hewlett Packard Enterprise AOS 安全漏洞

Hewlett Packard Enterprise AOS HPE AOS is a network operating system for data centers, campuses, and edges from Hewlett Packard Enterprise USA. A security vulnerability exists in Hewlett Packard Enterprise AOS that stems from multiple out-of-bounds read vulnerabilities in the handling of data...

Mitigating Denial-of-Service Vulnerability from Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users

Mitigating Denial-of-Service Vulnerability from Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users TL;DR Node.js/V8 makes a best-effort attempt to recover from stack space exhaustion with a catchable error, which frameworks have come to rely on for service availability. An edg...

EUVD-2026-1988

Malicious code in @gwp-gtmt-components/event-listener npm...

EUVD-2026-1987

Malicious code in @t4i-cms-components/contact-card npm...

MAL-2026-209 Malicious code in @t4i-cms-components/contact-card (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7daa695b6aa59e8369fb05292fc589bf605f2648c9e66dd008e7c91314bb820e The package @t4i-cms-components/contact-card was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview @gwp-gtmt-components/event-listener is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

MAL-2026-208 Malicious code in @gwp-gtmt-components/event-listener (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 468c91e4f79d71c29b131ccb10fac2c3917af3d3a443cf252feeb683ef68d797 The package @gwp-gtmt-components/event-listener was found to contain malicious code. Source: ghsa-malware...

Malicious code in resto_ui_components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bd3404a7cf3642d3e49538ae488a44a564dc5dd94102302ab33814b62e4427a The package restouicomponents was found to contain malicious code. Source: ghsa-malware...

MAL-2026-197 Malicious code in resto_ui_components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bd3404a7cf3642d3e49538ae488a44a564dc5dd94102302ab33814b62e4427a The package restouicomponents was found to contain malicious code. Source: ghsa-malware...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 React2Shell Vulnerability Analysis Lab This...

CVE-2023-29727

The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related to user privacy settings and affects the implementation of the normal functionality of the application. An attacker can use this to cause...

CVE-2025-56425

An issue was discovered in the AppConnector component version 10.10.0.183 and earlier of enaio 10.10, in the AppConnector component version 11.0.0.183 and earlier of enaio 11.0, and in the AppConnctor component version 11.10.0.183 and earlier of enaio 11.10. The vulnerability allows authenticated...

CVE-2022-42948

Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI...

CVE-2022-26111

The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search or editing an existing/predefined search of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in t...