
8324 matches found

Positive Technologies
added 2026/01/07 12:0 a.m., 4 views

PT-2026-1582

Name of the Vulnerable Software and Affected Versions HCL BigFix IVR version 4.2 Description A configuration issue with service binding in internal service components allows a privileged attacker to affect service availability. This occurs because administrative services are exposed through...

CVSS 4.9, AI score 6.3, EPSS 0.00014
Exploits: 0, References: 4

OSV
added 2026/01/06 6:14 p.m., 3 views

GHSA-9C48-W39G-HM26 rsa crate has potential panic on a prime being equal to 1

When creating a RSA private key from its components, the construction panics, instead of returning an error, when one of the primes is 1. Discovered by Christian Reitter from Radically Open Security during a security review for Proton AG...

CVSS 6.9, AI score 6.8, EPSS 0.00016
Exploits: 0, References: 4

Tenable Nessus
added 2026/01/06 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-69226

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of...

CVSS 6.3, AI score 7.2, EPSS 0.0007
Exploits: 0, References: 3

NVD
added 2026/01/05 11:15 p.m., 1 view

CVE-2025-69226

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

CVSS 6.3, EPSS 0.0007
Exploits: 0, References: 2

OSV
added 2026/01/05 11:15 p.m., 0 views

UBUNTU-CVE-2025-69226

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

CVSS 6.3, AI score 6.2, EPSS 0.0007
Exploits: 0, References: 5

EUVD
added 2026/01/05 11:9 p.m., 2 views

EUVD-2026-1046

AIOHTTP vulnerable to brute-force leak of internal static file path components...

CVSS 6.3, AI score 6, EPSS 0.0007
Exploits: 0, References: 4

Cvelist
added 2026/01/05 10:52 p.m., 23 views

CVE-2025-69226 AIOHTTP allows for a brute-force leak of internal static filepath components

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

CVSS 6.3, EPSS 0.0007
Exploits: 0, References: 2

Vulnrichment
added 2026/01/05 10:52 p.m., 1 view

CVE-2025-69226 AIOHTTP allows for a brute-force leak of internal static filepath components

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

CVSS 6.3, AI score 6.2, EPSS 0.0007
Exploits: 0, References: 2

IBM Security Bulletins
added 2026/01/05 11:20 a.m., 7 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Processing

Summary IBM Event Processing was affected by multiple vulnerabilities. These are affecting the operator and frontend components. Vulnerability Details CVEID:CVE-2025-57752 DESCRIPTION: Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0....

CVSS 7.5, AI score 5.2, EPSS 0.00687
Exploits: 3, Affected Software: 1

vulnersOsv
added 2026/01/05 9:30 a.m., 4 views

ca.qc.ircm:plate-layout (=0.8), com.github.ilgun:expandingtextarea (=2.0) +107 more potentially affected by CVE-2025-15022 via com.vaadin:vaadin-server (>=8.0.0 <=8.2.1)

com.vaadin:vaadin-server MAVEN version =8.0.0, =1.0.0, =1.0.0, =1.1.20, =1.0.9, =1.0.9, =1.1.8, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.5 and more Source cves: CVE-2025-15022 Source advisory: OSV:GHSA-7WWV-79XW-RVVG...

CVSS 4.8, AI score 5.8, EPSS 0.00014
Exploits: 0

Rockylinux
added 2026/01/05 9:2 a.m., 6 views

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security...

CVSS 9.8, AI score 7.7, EPSS 0.00085
Exploits: 2

GithubExploit
added 2026/01/05 7:6 a.m., 125 views

Exploit for Deserialization of Untrusted Data in Facebook React

🔍 Next.js Security Testing Tool Professiona...

CVSS 10, AI score 7.4, EPSS 0.82011
Exploits: 365

GithubExploit
added 2026/01/05 6:55 a.m., 114 views

Exploit for Deserialization of Untrusted Data in Facebook React

🔍 Next.js Security Testing Tool Professiona...

CVSS 10, AI score 7.4, EPSS 0.82011
Exploits: 365

EUVD
added 2026/01/05 3:10 a.m., 4 views

EUVD-2026-0937

Malicious code in @signify/vue-components npm...

AI score 6.6
Exploits: 0, References: 1

OSV
added 2026/01/05 3:10 a.m., 2 views

MAL-2026-45 Malicious code in @signify/vue-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ff7ae41abedc64bde81c60772d7adf7e58c51a651ce76e0684c0ea713fe130d The package @signify/vue-components was found to contain malicious code. Source: ghsa-malware...

AI score 6.8
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/01/05 3:10 a.m., 7 views

Malicious code in @signify/vue-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ff7ae41abedc64bde81c60772d7adf7e58c51a651ce76e0684c0ea713fe130d The package @signify/vue-components was found to contain malicious code. Source: ghsa-malware...

AI score 6.9
Exploits: 0, References: 1

RedHat Linux
added 2026/01/05 1:47 a.m., 5 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

CVSS 9.8, AI score 7.3, EPSS 0.00085
Exploits: 2, References: 11

GithubExploit
added 2026/01/04 12:5 p.m., 132 views

Exploit for Deserialization of Untrusted Data in Facebook React

🎯 React2Shell CVE-2025-55182 — From React Server Components...

CVSS 10, AI score 8, EPSS 0.82011
Exploits: 379

GithubExploit
added 2026/01/04 6:13 a.m., 130 views

linux-privesc-audit-toolkit

Linux Privilege Escalation Automation Toolkit !Bannerscree...

AI score 7.2
Exploits: 0

GithubExploit
added 2026/01/04 3:15 a.m., 188 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 React2Shell - Vulnerable Lab !CVE-2025-5518...

CVSS 10, AI score 8.1, EPSS 0.82011
Exploits: 365