MAL-2026-2169 Malicious code in console-loggers (npm)
Source: amazon-inspector 8a453dd193f8ddd250ba6ade5c711f845eced766f664cb75f7969f064a94b86f The package console-loggers was found to contain malicious code. Source: ghsa-malware 4172c3551666d2ed6e2691429d3929465e9f862f0967ff39fcad41faf23fb20...
CVE-2026-33322
CVE-2026-33322 (MinIO) is a JWT algorithm confusion vulnerability in MinIO’s OpenID Connect authentication. From RELEASE.2022-11-08T05-27-07Z up to but not including RELEASE.2026-03-17T21-25-16Z, an attacker who knows the OIDC ClientSecret can forge arbitrary identity tokens and obtain S3 credent...
CVE-2026-33322
MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and...
Malicious code in nf-console (npm)
Source: amazon-inspector 8ba9583e189e78f6548f1b112ee725ed98a767db49b567918e534e4384e30ae7 The package nf-console was found to contain malicious code...
MAL-2026-2375 Malicious code in nf-console (npm)
Source: amazon-inspector 8ba9583e189e78f6548f1b112ee725ed98a767db49b567918e534e4384e30ae7 The package nf-console was found to contain malicious code...
Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities related to Apache Tomcat.
Summary: IBM DevOps Release 7.0.0.6 addresses multiple vulnerabilities related to Apache Tomcat. Vulnerability Details: CVEID: CVE-2025-12383. DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication...
CVE-2026-4616
A security flaw has been discovered in bolo-blog up to 2.6.4. The affected element is an unknown function of the file /console/article/ of the component Article Title Handler. Performing a manipulation of the argument articleTitle results in cross site scripting. It is possible to initiate the...
CVE-2026-4616 bolo-blog Article Title article cross site scripting
A security flaw has been discovered in bolo-blog up to 2.6.4. The affected element is an unknown function of the file /console/article/ of the component Article Title Handler. Performing a manipulation of the argument articleTitle results in cross site scripting. It is possible to initiate the...
bolo-solo code injection vulnerability
Bolo-Solo is a blog system developed under the open source Bolo-Blog project. Version 2.6.4 of Bolo-Solo contains a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter articleTitle in the file /console/article/. It may lead to cross-site scripting attac...
EUVD-2019-19952
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...
GHSA-5CX5-WH4M-82FH MinIO has JWT Algorithm Confusion in OIDC Authentication
Impact: A JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and obtain S3 credentials with any policy, including consoleAdmin. An...
IBM Aspera Console Information Disclosure Vulnerability (CNVD-2026-17491)
IBM Aspera Console is a web-based application from International Business Machines (IBM). It allows users to centrally manage, monitor and control Aspera servers, nodes and transports. An information disclosure vulnerability exists in IBM Aspera Console, which can be exploited by an attacker to enumera...
IBM Aspera Console Denial of Service Vulnerability (CNVD-2026-19449)
IBM Aspera Console is a web-based application from International Business Machines (IBM). It allows users to centrally manage, monitor and control Aspera servers, nodes and transports. A denial of service vulnerability exists in IBM Aspera Console, which can be exploited by an attacker to cause a denia...
PT-2026-26481
Name of the Vulnerable Software and Affected Versions: MinIO versions RELEASE.2022-11-08T05-27-07Z through RELEASE.2026-03-17T21-25-16Z. Description: MinIO has a JWT algorithm confusion issue in its OpenID Connect authentication. An attacker who knows the OIDC ClientSecret can forge identity tokens...
IBM Aspera Console Denial of Service Vulnerability
IBM Aspera Console is a web-based application from International Business Machines (IBM). It allows users to centrally manage, monitor and control Aspera servers, nodes and transports. A denial of service vulnerability exists in IBM Aspera Console, which can be exploited by an attacker to cause a denia...
CLSA-2026-1773832495 Fix of 114 CVEs
CVE-2023-53515 - virtio-mmio: don't break lifecycle of vm_dev CVE-2023-53515 CVE-2025-39967 - fbcon: fix integer overflow in fbcon_do_set_font CVE-2025-39967 - fbcon: Fix OOB access in font allocation CVE-2025-39967 CVE-2025-38702 - fbdev: fix potential buffer overflow in do_register_framebuffer...
CVE-2026-22321
CVE-2026-22321 describes a stack-based buffer overflow in the device’s Telnet/SSH CLI login routine triggered by oversized/unexpected username input from an unauthenticated attacker. This crashes only the thread handling the login attempt while other CLI sessions remain unaffected, resulting in a...
ruby4.0-rubygem-web-console-4.2.1-1.9 on GA media (moderate)
ruby4.0-rubygem-web-console-4.2.1-1.9 on GA media Announcement ID: openSUSE-SU-2026:10367-1 Rating: moderate Cross-References: CVE-2015-3224 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
EUVD-2026-12600
The GL-iNet Comet GL-RM1 KVM does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...
CVE-2026-32291 GL-iNet Comet (GL-RM1) KVM unauthenticated root access via UART serial console
The GL-iNet Comet GL-RM1 KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...