EUVD
added 2026/04/07 7:13 p.m., 1 view

EUVD-2026-19875

Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server's handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the...

CVSS 6.3, AI score 5.9, EPSS 0.01967
Exploits: 1, References: 1

ATTACKERKB
added 2026/04/07 4:52 p.m., 2 views

CVE-2026-39312

SoftEtherVPN is an open-source cross-platform multi-protocol VPN program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 and likely earlier versions of Developer Edition. An unauthenticated remote attacker can cra...

CVSS 7.5, AI score 6, EPSS 0.00389
Exploits: 1, References: 2, Affected Software: 1

Qualys Blog
added 2026/04/07 3:00 p.m., 5 views

Signals from the Cloud Security Forecast 2026: Cloud Risk Is Scaling through Design, Not Disruption

Key Takeaways: Identity and permissions now determine what is reachable, making them the primary drivers of cloud risk. Runtime exposure, not individual findings, determines how low-risk issues combine into real impact. SaaS and OAuth integrations extend the control plane and amplify blast radius...

AI score 6
Exploits: 0

RedHat Linux
added 2026/04/07 6:21 a.m., 1 view

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: libpng: libpng-1.6.56-1.hum1 (aarch64, x86_64), libpng-devel-1.6.56-1.hum1 (aarch64, x86_64), libpng-static-1.6.56-1.hum1 (aarch64, x86_64), libpng-tools-1.6.56-1.hum1 (aarch64, x86_64), libpng-1.6.56-1.hum1.src...

CVSS 8.3, AI score 6.6, EPSS 0.00137
Exploits: 11, References: 15

OSV
added 2026/04/07 12:00 a.m., 0 views

OPENSUSE-SU-2026:10494-1 SDL2_image-devel-2.8.10-1.1 on GA media

These are all security issues fixed in the SDL2_image-devel-2.8.10-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.1, AI score 5.8, EPSS 0.00012
Exploits: 0, References: 1

EUVD
added 2026/04/06 9:31 p.m., 0 views

EUVD-2026-19440

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $ or backtick expressions in...

CVSS 8.4, AI score 6.2, EPSS 0.00041
Exploits: 0, References: 3

Github Security Blog
added 2026/04/06 6:03 p.m., 97 views

Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling

Summary: Any files ending with .map, even outside the project, can be returned to the browser. Impact: Only apps that match the following conditions are affected: - explicitly expose the Vite dev server to the network using --host or the server.host config option - have sensitive content in files...

CVSS 6.3, AI score 5.9, EPSS 0.01967
Exploits: 1, References: 8, Affected Software: 1

Snyk
added 2026/04/06 6:03 p.m., 2 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview: vite is a Native-ESM powered web dev build tool. Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize through the server.fs.deny component. An attacker can access sensitive files by appending specific query parameters such as ?raw,...

CVSS 8.2, AI score 5.7, EPSS 0.06829
Exploits: 1, References: 2

Snyk
added 2026/04/06 6:03 p.m., 2 views

Missing Authentication for Critical Function

Overview: vite-plus is the Unified Toolchain for the Web. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the fetchModule method exposed through the WebSocket interface when the server is explicitly exposed to the network and WebSocket is...

CVSS 8.2, AI score 5.9, EPSS 0.08748
Exploits: 3, References: 2

RedhatCVE
added 2026/04/06 10:57 a.m., 4 views

CVE-2026-32662

Development and test API endpoints are present that mirror production functionality...

CVSS 6.9, AI score 5.9, EPSS 0.00038
Exploits: 0, References: 1

Snyk
added 2026/04/06 12:30 a.m., 0 views

Arbitrary Command Injection

Overview: @elgentos/magento2-dev-mcp is a Magento 2 Development MCP Server for AI agents that provides cache management, module tools, and system diagnostics. Affected versions of this package are vulnerable to Arbitrary Command Injection via the executeMagerun2Command function. An attacker can execut...

CVSS 5.3, AI score 6.3, EPSS 0.00103
Exploits: 0, References: 2

Positive Technologies
added 2026/04/06 12:00 a.m., 2 views

PT-2026-30706

Name of the Vulnerable Software and Affected Versions: Anthropic Claude Code CLI and Claude Agent SDK, affected versions not specified. Description: Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection issue in the command lookup helper and deep-link terminal launcher. Local...

CVSS 8.6, AI score 6.2, EPSS 0.00114
Exploits: 0, References: 10

Malwarebytes
added 2026/04/05 11:10 p.m., 2 views

Killer robots are here. Now what? (Lock and Code S07E07)

Big news: Lock and Code is nominated for a Webby Award! You can help us win the People's Voice Award by voting here. Vote now! This week on the Lock and Code podcast, we have to talk about killer robots. No, not the Terminator, and not some Boston Dynamics robot run amok. We have to talk instea...

AI score 6.1
Exploits: 0

GithubExploit
added 2026/04/05 10:48 p.m., 73 views

exploit_skillz

exploitskillz Work i...

AI score 5.9
Exploits: 0

Positive Technologies
added 2026/04/05 12:00 a.m., 3 views

PT-2026-30586

Name of the Vulnerable Software and Affected Versions: SDL image, affected versions not specified. Description: The SDL image library has an issue where pixel index values from decoded XCF tile data are used directly as colormap indices without validation against the colormap size. A crafted .xcf fil...

CVSS 7.1, AI score 5.9, EPSS 0.00012
Exploits: 0, References: 6

OPENSUSE Linux
added 2026/04/05 12:00 a.m., 2 views

libinput-devel-1.31.1-1.1 on GA media (moderate)

libinput-devel-1.31.1-1.1 on GA media. Announcement ID: openSUSE-SU-2026:10489-1. Rating: moderate. Cross-References: CVE-2026-35093, CVE-2026-35094. CVSS scores: CVE-2026-35093 SUSE: 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H; CVE-2026-35093 SUSE: 6.3...

CVSS 8.8, AI score 5.9, EPSS 0.0002
Exploits: 0

Fedora
added 2026/04/04 12:49 a.m., 3 views

[SECURITY] Fedora 43 Update: python3.9-3.9.25-7.fc43

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack, and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

CVSS 7, AI score 6, EPSS 0.00015
Exploits: 0

OSV
added 2026/04/04 12:00 a.m., 0 views

OPENSUSE-SU-2026:10489-1 libinput-devel-1.31.1-1.1 on GA media

These are all security issues fixed in the libinput-devel-1.31.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.8, AI score 5.9, EPSS 0.0002
Exploits: 0, References: 2

EUVD
added 2026/04/03 9:31 p.m., 4 views

EUVD-2026-18847

Development and test API endpoints are present that mirror production functionality...

CVSS 6.9, AI score 5.9, EPSS 0.00038
Exploits: 0, References: 4

NVD
added 2026/04/03 9:17 p.m., 3 views

CVE-2026-32662

Development and test API endpoints are present that mirror production functionality...

CVSS 6.9, EPSS 0.00038
Exploits: 0, References: 3