CVE-2026-25468 WordPress Happy Addons for Elementor plugin <= 3.20.8 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8...

groovestrike

GrooveStrike Autonomous Penetration Testing Framework...

monetr 安全漏洞

Monetr is an open-source personal budget management application developed by Monetr. Versions of Monetr prior to 1.12.5 contained a security vulnerability. This vulnerability stemmed from server-side request forgeing in the Lunch Flow integration, which could allow authenticated users to send HTT...

Heimdallr: Characterizing and Detecting LLM-Induced Security Risks in GitHub CI Workflows

GitHub Continuous Integration CI workflows increasingly integrate Large Language Models LLMs to automate review, triage, content generation, and repository maintenance. This creates a new attack surface: externally controllable workflow inputs can shape LLM prompts and outputs, which may in turn...

alika-vuln-shield

Vuln Shield Fast container vulnerability scanner that filters...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the SUSE Virtualization Harvester Rancher integration mechanism. An attacker can intercept sensitive information and cause a crash of the registration controller by exploiting insecure TLS certificate...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the SUSE Virtualization Harvester Rancher integration mechanism. An attacker can intercept sensitive information and cause a crash of the registration controller by exploiting insecure TLS certificate...

Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS

Impact A vulnerability has been identified in the SUSE Virtualization Harvester Rancher integration mechanism where by default the registration client uses an insecure TLS option that fails to verify the remote server’s certificate. This security gap could allow the execution of a man-in-the-midd...

NPM: Auth.js SDK has Improper Permission Checking

NPM: Auth.js SDK has Improper Permission Checking vulnerability discovered by ? in WordPress Npm auth0-js versions = 8.11.0, = 9.32.0...

Security Bulletin: EDB PGAI Hybrid Management with IBM is affected by Multiple Vulnerabilities.

Summary Multiple Vulnerabilities found in EDB PGAI products - 1 EDB PGAI AI Factory with IBM 1.3.0, 2 EDB PGAI Analytics Accelerator 1.3.0, and 3 EDB PGAI Hybrid Data Management 1.3.0. The vulnerabilities have been addressed in 1.3.4 version. Hence, IBM strongly recommends upgrading to 1.3.4...

CVE-2026-41506 vulnerabilities

Vulnerabilities for packages: zarf, skaffold, pulumi-language-java, teleport, crossplane, trivy, act, dagger, flux-image-automation-controller, melange, cerbos, apko, flux, nuclei, wolfictl, argo-workflows, kyverno, rancher-fleet, k9s, tfsec, gitea, xeol, kots, argocd-image-updater,...

CVE-2026-43094

In the Linux kernel, the following vulnerability has been resolved: ixgbevf: add missing negotiatefeatures op to Hyper-V ops table Commit a7075f501bd3 "ixgbevf: fix mailbox API compatibility by negotiating supported features" added the .negotiatefeatures callback to ixgbemacoperations and populat...

Joern 4.0.534

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

PT-2026-38260

Impact A vulnerability has been identified in the SUSE Virtualization Harvester Rancher integration mechanism where by default the registration client uses an insecure TLS option that fails to verify the remote server’s certificate. This security gap could allow the execution of a man-in-the-midd...

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Handlebars

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Handlebars. CVE-2026-33937, CVE-2026-33938, CVE-2026-33939, CVE-2026-33940, CVE-2026-33941 The vulnerabilities have been addressed. Vulnerability Details...

org.apache.polaris:polaris-extensions-auth-opa-tests (>=1.3.0-incubating <=1.4.0), org.apache.polaris:polaris-runtime-spark-tests (>=1.0.0-incubating <=1.4.0) +3 more potentially affected by CVE-2026-42812 via org.apache.polaris:polaris-runtime-service (>=1.0.0-incubating <=1.4.0)

org.apache.polaris:polaris-runtime-service MAVEN version =1.0.0-incubating, =1.3.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 Source cves: CVE-2026-42812 Source advisory: OSV:GHSA-W76P-3CGP-QFCM...

org.apache.polaris:polaris-extensions-auth-opa-tests (>=1.3.0-incubating <=1.4.0), org.apache.polaris:polaris-runtime-spark-tests (>=1.0.0-incubating <=1.4.0) +3 more potentially affected by CVE-2026-42812 via org.apache.polaris:polaris-runtime-service (>=1.0.0-incubating <=1.4.0)

org.apache.polaris:polaris-runtime-service MAVEN version =1.0.0-incubating, =1.3.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 Source cves: CVE-2026-42812 Source advisory: SNYK:JAVA-ORGAPACHEPOLARIS-16422548...

ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (>=0.9.38 <=1.20.1), ai.timefold.solver:timefold-solver-quarkus-devui-integration-test (>=0.9.38 <=1.20.1) +1589 more potentially affected by CVE-2026-39852 via io.quarkus:quarkus-vertx-http (>=3.0.0.Alpha1 <=3.20.6)

io.quarkus:quarkus-vertx-http MAVEN version =3.0.0.Alpha1, =0.9.38, =0.9.38, =0.9.38, =0.9.38, =0.9.38, =0.9.38, =0.0.1, =0.0.1, =0.0.1, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.2, =0.0.1, =0.0.5 and more Source cves: CVE-2026-39852 Source advisory: SNYK:JAVA-IOQUARKUS-16420254...

Meet Wiz for M365: Bringing SaaS into the Security Graph

Secure Microsoft 365 and the cloud it powers — one platform, one graph, complete context...

A week in security (April 27 &#8211; May 3)

Last week on Malwarebytes Labs: 3 easy-to-miss cybersecurity risks for small businesses Actively exploited cPanel bug exposes millions of websites to takeover More PayPal emails hijacked to deliver tech support scams Hackers stole hundreds of thousands of Roblox accounts: Here’s what to do...