CVE-2026-34237

CVE-2026-34237 affects MCP Java SDK. A hardcoded wildcard CORS configuration (Access-Control-Allow-Origin: *) existed in versions before 0.83.0, 1.0.1, and 1.1.1, allowing cross-origin requests to server endpoints (including SSE paths). The issue has been patched in those versions (0.83.0, 1.0.1,...

EUVD-2026-17484

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed MDM-delivered and user-defined...

[SECURITY] Fedora 43 Update: dotnet8.0-8.0.125-1.fc43

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

[SECURITY] Fedora 43 Update: dotnet9.0-9.0.115-1.fc43

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

Claude SDK for Python 安全漏洞

Claude SDK for Python is an open-source Python software development toolkit developed by Anthropic for calling the Claude API. Versions of Claude SDK for Python prior to 0.87.0 contained a security vulnerability. This vulnerability stemmed from improper file permission settings created by memory...

TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian state-sponsored threat group known as...

[SECURITY] Fedora 42 Update: dotnet10.0-10.0.104-1.fc42

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

@omchat/common (>=1.0.0 <=1.0.4), @tverse/ui (>=0.1.0 <=0.1.1) +2 more potentially affected by CVE-2026-33979 via express-xss-sanitizer (=1.2.1)

express-xss-sanitizer NPM version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on express-xss-sanitizer and may be impacted: - @omchat/common =1.0.0, =0.1.0, =1.0.0, =1.14.31, =1.15.2 Source cves: CVE-2026-33979 Source advisory:...

@omchat/common (>=1.0.0 <=1.0.4), @tverse/ui (>=0.1.0 <=0.1.1) +2 more potentially affected by CVE-2026-33979 via express-xss-sanitizer (=1.2.1)

express-xss-sanitizer NPM version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on express-xss-sanitizer and may be impacted: - @omchat/common =1.0.0, =0.1.0, =1.0.0, =1.14.31, =1.15.2 Source cves: CVE-2026-33979 Source advisory:...

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. "Apple is aware of attacks targeting out-of-date iOS software,...

CVE-2026-33748

CVE-2026-33748 (BuildKit) : Prior to BuildKit 0.28.1, there was insufficient validation of Git URL fragment subdir components, which could allow access to files outside the checked-out Git repository root (limited to files on the same mounted filesystem). Red Hat advisories for OpenShift Service ...

The Telnyx SDK on PyPI Compromise and the 2026 TeamPCP Supply Chain Attacks

...

EUVD-2026-16336

A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the CDeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potential...

CVE-2026-2100

A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the CDeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potential...

CVE-2026-2100

A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the CDeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potential...

CVE-2026-2100 P11-kit: null dereference via c_derivekey with specific null parameters

A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the CDeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potential...

CVE-2026-2100 P11-kit: null dereference via c_derivekey with specific null parameters

A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the CDeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potential...

CVE-2026-2100

CVE-2026-2100 – p11-kit : A flaw allows a remote attacker to trigger a NULL dereference by calling C_DeriveKey on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL, potentially causing an application-level denial of service or other undefined states. Public...

CVE-2026-2100

A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the CDeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potential...

CVE-2026-24362

Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through = 4.0.21...