PT-2026-45762

Name of the Vulnerable Software and Affected Versions Progress Sitefinity versions 14.0.7700 through 14.4.8152 Progress Sitefinity versions 15.0.8200 through 15.0.8234 Progress Sitefinity versions 15.1.8300 through 15.1.8335 Progress Sitefinity versions 15.2.8400 through 15.2.8441 Progress...

Security Bulletin: Updating IBM WebSphere Liberty Profile in Identity Insight for security update

Summary Identity Insight customers are advised to update IBM WebSphere Liberty Profile WLP to version 26.0.0.4 for security update in WLP. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|-...

Security Bulletin: Updating Java in Identity Insight 9.0.0.1 for security update

Summary Identity Insight customers are advised to update OpenJDK 8 to version 8.0.492 for the security update in Java. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM InfoSphere...

Security Bulletin: Updating Java in Identity Insight 10.0.0.0 for security update

Summary Identity Insight customers are advised to update OpenJDK 17 to version 17.0.19. for the security update in Java. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM InfoSphere...

Malicious code in @antv/lite-insight (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/insight-component (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

MAL-2026-4029 Malicious code in @antv/insight-component (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

@antv/lite-insight (>=2.1.0 <=2.1.1), @antv/narrative-text-editor (>=0.1.1 <=0.2.20) +3 more potentially affected by unknown CVE via @antv/narrative-text-schema (>=0.1.5 <=0.3.7)

@antv/narrative-text-schema NPM version =0.1.5, =2.1.0, =0.1.1, =0.1.6, =2.0.0, =0.1.0-alpha.16, =0.1.0-alpha.22 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVNARRATIVETEXTSCHEMA-16755006...

@antv/smart-board (>=2.0.0 <=2.1.0-alpha.0) potentially affected by unknown CVE via @antv/lite-insight (=2.1.1)

@antv/lite-insight NPM version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/lite-insight and may be impacted: - @antv/smart-board =2.0.0, =2.1.0-alpha.0 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVLITEINSIGHT-16754380...

@antv/auto-chart (>=2.0.0 <=2.1.0-alpha.0), @antv/chart-advisor (>=2.0.0 <=2.1.0-alpha.1) +5 more potentially affected by unknown CVE via @antv/ckb (>=2.0.4 <=2.1.0-alpha.0)

@antv/ckb NPM version =2.0.4, =2.0.0, =2.0.0, =1.2.0-beta.0, =1.0.0-alpha.1, =2.0.0, =2.0.0, =0.0.1, =0.1.0-beta.57 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVCKB-16754938...

@antv/li-sam-assets (>=0.1.1 <=0.1.3) potentially affected by unknown CVE via @antv/insight-component (=1.0.0)

@antv/insight-component NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/insight-component and may be impacted: - @antv/li-sam-assets =0.1.1, =0.1.3 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVINSIGHTCOMPONENT-16754910...

@antv/li-sam-assets (>=0.1.1 <=0.1.3) potentially affected by unknown CVE via @antv/insight-component (=1.0.0)

@antv/insight-component NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/insight-component and may be impacted: - @antv/li-sam-assets =0.1.1, =0.1.3 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVINSIGHTCOMPONENT-16755079...

CVE-2026-8751

creationtimestamp| type| source ---|---|--- 2026-05-18 11:39:38+00:00| seen| https://bsky.app/profile/cybersecinsight.bsky.social/post/3mm4s4budgk23...

USN-8235-1 insighttoolkit vulnerabilities

It was discovered that Expat, vendored in ITK incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. CVE-2022-25235, CVE-2022-25236...

USN-8235-1: ITK vulnerabilities

It was discovered that Expat, vendored in ITK incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. CVE-2022-25235, CVE-2022-25236...

[SECURITY] Fedora 44 Update: insight-18.0.50.20260306-3.fc44

Insight is a tight graphical user interface to GDB written in Tcl/Tk. It provides a comprehensive interface that enables users to harness most of GDB's power. It's also probably the only up-to-date UI for the latest GDB version...

Fedora 44 : insight (2026-f72d44d09e)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-f72d44d09e advisory. Fix CVE-2026-6846. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

Fedora 42 : insight (2026-ce402e1f82)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ce402e1f82 advisory. Fix CVE-2026-6846. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

Fedora 43 : insight (2026-e0f5e87dd6)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e0f5e87dd6 advisory. Fix CVE-2026-6846. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

[SECURITY] Fedora 42 Update: insight-18.0.50.20260306-3.fc42

Insight is a tight graphical user interface to GDB written in Tcl/Tk. It provides a comprehensive interface that enables users to harness most of GDB's power. It's also probably the only up-to-date UI for the latest GDB version...