Vite - Arbitrary File Read

Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. @fs denies access to files outside of Vite serving allow list. Adding ?raw?? or ?import&raw?? to the URL bypasses this limitation and returns the file content if it...

wined

Windows Exploitation wined Tools The following scripts were...

NestJS DevTools Integration - Remote Code Execution

Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API...

libjxl-devel-0.11.2-2.1 on GA media (moderate)

libjxl-devel-0.11.2-2.1 on GA media Announcement ID: openSUSE-SU-2026:10910-1 Rating: moderate Cross-References: CVE-2025-12474 CVE-2025-70103 CVSS scores: CVE-2025-12474 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2025-12474 SUSE : 6.9...

OPENSUSE-SU-2026:10946-1 assimp-devel-6.0.5-3.1 on GA media

These are all security issues fixed in the assimp-devel-6.0.5-3.1 package on the GA media of openSUSE Tumbleweed...

Microsoft Build 2026: Securing code, agents, and models across the development lifecycle

In this article 1. Secure your code 2. Secure your agents 3. Trust agents with your data 4. Secure your models 5. Trust starts with security Today, developers and security teams are caught in growing tension. AI is accelerating development and introducing new issues around insecure code, opaque...

CVE-2026-10591

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 --- Description MCPJam inspector is a loca...

PT-2026-46038

These are all security issues fixed in the libmariadbd-devel-11.8.8-1.1 package on the GA media of openSUSE Tumbleweed...

LibVNCServer-devel-0.9.15-3.1 on GA media (moderate)

LibVNCServer-devel-0.9.15-3.1 on GA media Announcement ID: openSUSE-SU-2026:10905-1 Rating: moderate Cross-References: CVE-2026-44988 CVSS scores: CVE-2026-44988 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-44988 SUSE : 9.2...

openjdk: Enhance crypto algorithm support (Oracle CPU 2026-04)

No description is available for this CVE...

openjdk: Enhance key generation (Oracle CPU 2026-04)

No description is available for this CVE...

openjdk: Improve Kerberos credentialing (Oracle CPU 2026-04)

No description is available for this CVE...

ALSA-2026:22145 Important: .NET 10.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.108 and .NET Runtime...

Imagination Graphics DDK security vulnerability

Imagination Graphics DDK is a GPU driver toolkit developed by the British company Imagination. There is a security vulnerability in Imagination Graphics DDK, which stems from an address translation logic error. This vulnerability may allow the compromised host kernel to perform arbitrary writes t...

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.CobrancaV3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.Pix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.Investimentos is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...

Malicious Package

Overview sicoob.sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package. To maximi...

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.PagamentosV3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...