CVE-2026-45593

CVE-2026-45593 is a use-after-free vulnerability in the Windows SDK that allows an authorized attacker to elevate privileges locally. The NVD/CVE entries describe that the underlying issue is a use-after-free in Windows SDK code leading to local privilege escalation with a CVSS v3.1 base score of...

CVE-2026-45593 Windows SDK Elevation of Privilege Vulnerability

...

Malicious code in swap-sdk-87 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+. postinstall auto-execs, src/index.js harvests /.ssh keys + Sol/Eth/BTC/Tron/Sui/Aptos wallets + .env + seeds, self-labels "CRYPTO STEALER", exfils to SAME Telegram bot 8227918239 chat 6433587894 not rotated. Inflated version...

Malicious code in ethereum-kit-1 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0/web3-tools-9 campaign sibling c960/c961. postinstall scripts/postinstall.js auto-execs, src/index.js harvests /.ssh/idrsa+wallet keys/seeds+env, self-labels "CRYPTO STEALER", exfils to IDENTICAL Telegram bot 8227918239 chat 6433587894 not rotated...

MAL-2026-5355 Malicious code in ethereum-kit-1 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0/web3-tools-9 campaign sibling c960/c961. postinstall scripts/postinstall.js auto-execs, src/index.js harvests /.ssh/idrsa+wallet keys/seeds+env, self-labels "CRYPTO STEALER", exfils to IDENTICAL Telegram bot 8227918239 chat 6433587894 not rotated...

PT-2026-47982

Name of the Vulnerable Software and Affected Versions Windows SDK affected versions not specified Description A use after free issue allows an authorized attacker to elevate privileges locally, which can affect the system. Use after free is a memory corruption flaw that occurs when an application...

CVE-2026-34194 GPU DDK - UAF read and/or write to arbitrary physical pages in DevmemIntChangeSparse due to incorrect calculation of the virtual index count

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse memory allocation. The product accidentally refers to the wrong memory due to the semantics of how math operations are implicitly scaled acro...

Important: Red Hat Security Advisory: .NET 9.0 security update

An update for .NET 9.0 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

GHSA-XXWJ-CPV6-F4HC vulnerabilities

Vulnerabilities for packages: openjdk-17-openj9, openjdk-25-openj9, openjdk-11-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-26-openj9...

GHSA-G75F-42VW-M3XV vulnerabilities

Vulnerabilities for packages: openjdk-17-openj9, openjdk-25-openj9, openjdk-11-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-26-openj9...

GHSA-32VR-5HXF-X93F vulnerabilities

Vulnerabilities for packages: openjdk-17-openj9, openjdk-25-openj9, openjdk-11-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-26-openj9...

CVE-2026-42672

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.1...

CVE-2026-4810

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

CVE-2026-39531

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.0...

RLSA-2026:22145 Important: .NET 10.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.108 and .NET Runtime...

PT-2026-47059

Name of the Vulnerable Software and Affected Versions Site Kit by Google WordPress plugin versions prior to 1.176.0 Description A broken access control flaw exists in a REST API write endpoint that fails to properly restrict access to administrators. This allows lower-privileged users, such as...

31g-form-parser (=1.0.107), @0xmike/web-kit (>=0.0.6 <=0.1.1) +452 more potentially affected by CVE-2026-34077 via turbo-stream (>=1.2.1 <=2.4.1)

turbo-stream NPM version =1.2.1, =0.0.6, =4.0.0, =4.15.0, =0.0.3, =1.4.0, =0.0.1, =1.2.0, =1.2.0, =0.1.0, =1.0.10, =0.0.2, =1.0.0, =0.0.2, =0.0.13 and more Source cves: CVE-2026-34077 Source advisory: OSV:GHSA-RXV8-25V2-QMQ8...

mimic-kit (>=0.1.0 <=0.1.1), modelscope (>=1.9.0 <=1.9.1) +3 more potentially affected by CVE-2026-10801 via ms-swift (>=1.3.0 <=4.2.2)

ms-swift PYPI version =1.3.0, =0.1.0, =1.9.0, =1.3.0, =0.0.1, =0.1.2, =0.1.3 Source cves: CVE-2026-10801 Source advisory: SNYK:PYTHON-MSSWIFT-17152951...

openjdk: Improve Kerberos credentialing (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

openjdk: Enhance key generation (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....