p11-kit security update

An update is available for p11-kit. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The p11-kit packages provide a mechanism to manage PKCS11 modules. The...

Autopsy 4.23.1

Autopsy is the premier end-to-end open source digital forensics platform. Built by Sleuth Kit Labs with the core features you expect in commercial forensic tools, Autopsy is a fast, thorough, and efficient hard drive investigation solution that evolves with your needs...

RockyLinux 9 : p11-kit (RLSA-2026:18599)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18599 advisory. p11-kit: p11-kit: NULL dereference via CDeriveKey with specific NULL parameters CVE-2026-2100 Tenable has extracted the preceding description block directly from...

Kali365 phishing kit bypasses MFA and steals Microsoft logins

When the Federal Bureau of Investigation FBI publishes a dedicated public service announcement about a new phishing kit, it’s worth paying attention to. The agency is now warning about “Kali365,” a phishing‑as‑a‑service PhaaS platform that helps even low‑skilled attackers hijack Microsoft 365...

CVE-2026-6565 Style Kits – Advanced Theme Styles for Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Kit Title

The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to insufficient input...

CVE-2026-6565

The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress (WordPress plugin family) contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin-facing endpoint /wp-json/agwp/v1/tokens/save. Affects versions up to 2.5.0; root cause i...

WordPress plugin affiliate-toolkit 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.127 and .NET Runtime...

Malicious Package

Overview @izumiswap/sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Fedora 43 : dotnet8.0 (2026-3e509b1444)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3e509b1444 advisory. Update to .NET SDK 8.0.127 and Runtime 8.0.27 Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899 Release Notes: - SDK:...

Krajowa Izba Rozliczeniowa Szafir SDK 安全漏洞

Krajowa Izba Rozliczeniowa Szafir SDK is an electronic signature development kit from Krajowa Izba Rozliczeniowa, Poland. A security vulnerability exists in the Krajowa Izba Rozliczeniowa Szafir SDK that stems from the cryptographic digital signature verification process returning a success statu...

Fedora 44 : dotnet9.0 (2026-9c63a012b9)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9c63a012b9 advisory. Update to .NET SDK 9.0.117 and Runtime 9.0.16 Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899 Release Notes: - SDK:...

Fedora 42 : dotnet9.0 (2026-85758358ff)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-85758358ff advisory. Update to .NET SDK 9.0.117 and Runtime 9.0.16 Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899 Release Notes: - SDK:...

Malicious code in @digicroz/typed-api-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32c8c3e9ffd3f994b21011084101df521e232c2ee5dbe93fd51f36977549f2dc The exported paymentGateways.pay0Pg.createOrder API does not call pay0.shop directly. Instead, dist/index.js hardcodes a base URL of...

[SECURITY] Fedora 42 Update: dotnet9.0-9.0.117-1.fc42

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

[SECURITY] Fedora 44 Update: dotnet10.0-10.0.108-1.fc44

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

[SECURITY] Fedora 44 Update: dotnet9.0-9.0.117-1.fc44

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

Incorrect Synchronization

Overview @sveltejs/kit is a SvelteKit framework and CLI Affected versions of this package are vulnerable to Incorrect Synchronization via the query.batch function. An attacker can access data belonging to other users by exploiting a race condition that causes concurrent requests from different...

@sveltejs/kit: `query.batch` cross-talk

query.batch could, under very rare and specific timings, cause concurrent requests from different users to merge and resolve under single request context, enabling cross-user data disclosure...

CVE-2026-39531

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.0...