Malicious Package

Overview @cloudplatform-single-spa/ml-finetuning is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...

Malicious Package

Overview @cloudplatform-single-spa/search is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

Malicious Package

Overview @cloudplatform-single-spa/vdi is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview @cloudplatform-single-spa/profile is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

Malicious code in h4xupdate (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0de4da975d7b071824607be751a9ea0fb13e409eaef58d1cc0628263d5dea700 Package contains a remote control tool taking orders from a hardcoded Telegram bot. The authorship impersonate legitimate company. --- Category: MALICIOUS - Th...

RLSA-2026:21745 Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-39981 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr...

CVE-2026-10152

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

CVE-2026-10152 TaleLin lin-cms-spring-boot book Endpoint BookController.java access control

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

CVE-2026-10152

TaleLin lin-cms-spring-boot up to 0.2.1 contains an access-control issue in the BookEndpoint path BookController.java. The underlying cause is stated as improper access controls due to some unknown file processing, with a remote attack possibility and public exploit availability. No specific vuln...

CVE-2026-10152

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

EUVD-2026-33471

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

CVE-2026-10152 TaleLin lin-cms-spring-boot book Endpoint BookController.java access control

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

CLSA-2026-1780132171 Fix of 25 CVEs

CVE-2025-68724 - crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid CVE-2025-68724 CVE-2025-71196 - phy: stm32-usphyc: Fix off by one in probe CVE-2025-71196 CVE-2026-23033 - dmaengine: omap-dma: fix dmapool resource leak in error paths CVE-2026-23033 CVE-2026-23049 -...

CVE-2026-45332

Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account with a single POST request. The...

Malicious npm packages abuse dependency confusion to profile developer environments

In this article 1. Attack chain overview 2. Threat actor attribution 3. Mitigation and protection guidance 4. Indicators of Compromise IOC 5. References 6. Learn more Microsoft Threat Intelligence has uncovered an active supply chain attack involving malicious npm packages registered under...

Lin-CMS-Spring-boot 访问控制错误漏洞

Lin-CMS-Spring-boot is a simple and easy-to-use CMS backend project developed by the TaleLin team. Versions of Lin-CMS-Spring-boot prior to 0.2.1 contained an access control vulnerability. This vulnerability stemmed from an unknown processing in the book component’s endpoint, specifically in the...

Yamcs security vulnerabilities

Yamcs is an open-source software framework developed by Yamcs. It is used for commanding and controlling spacecraft, satellites, payloads, ground stations, and ground equipment. YAMCS has a security vulnerability that stems from the lack of rate limits...

RockyLinux 8 : kernel-rt (RLSA-2026:21745)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21745 advisory. kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-39981 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr CVE-2025-68183...

RockyLinux 8 : kernel (RLSA-2026:21706)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21706 advisory. kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-39981 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr CVE-2025-68183...

WordPress plugin Simple History 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...