5435 matches found
CVE-2026-22037
The vulnerability affects the @fastify/express plugin (prior to version 4.0.3). Middleware registered for a specific path prefix can be bypassed when the request uses URL-encoded characters (e.g., /%61dmin instead of /admin). The middleware engine fails to match the encoded path, but the underlyi...
PT-2026-3452
Name of the Vulnerable Software and Affected Versions: @fastify/express versions prior to 4.0.3. Description: A security issue exists in the @fastify/express plugin, which provides Express compatibility for Fastify. The problem occurs when middleware is registered with a specific path prefix...
@fastify/express security vulnerability
@fastify/express is a compatibility plugin developed by Fastify. Versions of @fastify/express prior to 4.0.3 contained security vulnerabilities. These vulnerabilities were caused by improper path prefix matching, which could allow middleware to bypass security checks...
Security Bulletin: Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
Summary: Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX. These vulnerabilities are specifically found in the Sterling Connect:Express Adapter for Sterling B2B Integrator. The Web interface is delivered with this product as an additional component of the services...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001102)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001102 advisory. Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002283)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002283 advisory. Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001959)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001959 advisory. Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause...
Online shoppers at risk as Magecart skimming hits major payment networks
Researchers have been tracking a Magecart campaign that targets several major payment providers, including American Express, Diners Club, Discover, and Mastercard. Magecart is an umbrella term for criminal groups that specialize in stealing payment data from online checkout pages using malicious...
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages
Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay. "Enterprise organizations that are clients of these...
CVE-2025-68770
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix XDP_TX path. For XDP_TX action in bnxt_rx_xdp, clearing of the event flags is not correct. bnxt_poll_work -> bnxt_rx_pkt -> bnxt_rx_xdp may be looping within NAPI and some event flags may be set in earlier iterations. In particula...
Widespread Magecart Campaign Targets Users of All Major Credit Cards
Researchers at Silent Push have exposed a global Magecart campaign stealing credit card data since 2022. Learn how this invisible web-skimming attack targets major networks like Mastercard and Amex, and how to stay safe...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: PCI: cadence: Check for the existence of cdns_pcie::ops before using it. cdns_pcie::ops may not be populated by all Cadence glue drivers. This is true for the upcoming Sophgo platform, which does not set ops. Therefore, add a check...
ROS-20260113-7380
A vulnerability in the drivers/nvme/host component of the Linux operating system kernel is related to thread locking errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260113-7381
A vulnerability in the drivers/nvme/host/tcp.c component of the Linux operating system kernel is related to simultaneous execution using a shared resource with improper synchronization. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2025-68770
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix XDP_TX path. For XDP_TX action in bnxt_rx_xdp, clearing of the event flags is not...
WordPress Nex-Forms Express WP Form Builder plugin < 9.1.8 - Authenticated Stored XSS vulnerability
Authenticated Stored XSS vulnerability discovered by Vuln Seeker Cyber Security Team in WordPress Plugin NEX-Forms versions 9.1.8...
EUVD-2026-1963
Malicious code in express-sessions-id npm...
Malicious Package
Overview: express-sessions-id is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in express-sessions-id (npm)
Source: amazon-inspector 50976a5a79aa6e9a71eee66f3a74059d86a7620d670cf19ad43c9eb3619b0c2e The package express-sessions-id was found to contain malicious code. Source: ghsa-malware...
MAL-2026-218 Malicious code in express-sessions-id (npm)
Source: amazon-inspector 50976a5a79aa6e9a71eee66f3a74059d86a7620d670cf19ad43c9eb3619b0c2e The package express-sessions-id was found to contain malicious code. Source: ghsa-malware...