io.github.coffee330501:internal-call (>=1.0.4 <=1.1.0), org.bouncycastle:bcmail-jdk14 (>=1.71 <=1.83) +12 more potentially affected by CVE-2026-5598 via org.bouncycastle:bcprov-jdk14 (>=1.71 <=1.83)

org.bouncycastle:bcprov-jdk14 MAVEN version =1.71, =1.0.4, =1.71, =1.71, =1.71, =1.71, =1.71, =0.2.5, =1.0.1-rc.1, =9.2.0, =9.2.0, =9.2.0, =9.2.0, =9.2.0, =9.3.2 Source cves: CVE-2026-5598 Source advisory: OSV:GHSA-P93R-85WP-75V3...

MINI-Q54M-8JFW-FCCJ

Bulletin has no description...

MINI-HG5W-RPCX-GX22

Bulletin has no description...

Security Bulletin: Vulnerability in libssh library (CVE-2025-5372) affects Power HMC.

Summary The libssh library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-5372 DESCRIPTION: A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible...

BELL-CVE-2026-23343

Bulletin has no description...

BIT-LIBPYTHON-2026-4519 webbrowser.open() allows leading dashes in URLs

The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open...

BELL-CVE-2026-33412

Bulletin has no description...

RLSA-2023:5537 Important: libvpx security update

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Heap buffer overflow in vp8 encoding in libvpx CVE-2023-5217 libvpx: crash related to VP9 encoding in libvp...

@228-fund/elysia-effect (=0.0.1), @228-fund/elysia-msgpack (>=0.0.1 <=0.0.3) +124 more potentially affected by CVE-2026-31865 via elysia (>=0.1.2 <=1.4.26)

elysia NPM version =0.1.2, =0.0.1, =0.0.1, =0.0.7, =0.0.1-0, =0.0.1, =0.0.3, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =0.1.4, =0.1.0, =1.6.1-canary.0 and more Source cves: CVE-2026-31865 Source advisory: OSV:GHSA-8HQ9-PHH3-P2WP...

RHSA-2026:4440 Red Hat Security Advisory: freerdp security update

Bulletin has no description...

UBUNTU-CVE-2026-26131

Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally...

01os (>=0.0.5 <=0.0.13), 3m (>=0.1.0 <=0.1.3) +2538 more potentially affected by CVE-2026-28804 via pypdf (>=3.10.0 <=6.7.4)

pypdf PYPI version =3.10.0, =0.0.5, =0.1.0, =0.0.1, =0.4.1, =0.3.6, =0.2.5, =0.0.2, =0.2.0, =1.2.27, =0.1.0, =0.6.0, =1.2.32, =2.0.2 and more Source cves: CVE-2026-28804 Source advisory: OSV:GHSA-9M86-7PMV-2852...

MINI-V47M-3GW4-XPJM

Bulletin has no description...

CLSA-2026-1771236630 nodejs: Fix of CVE-2026-21637

CVE-2026-21637: route callback exceptions through error handlers...

@aliceoq/library-test (>=1.3.2 <=1.3.3), @bentwnghk/chat (>=1.61.0 <=1.107.2) +169 more potentially affected by CVE-2026-0969 via next-mdx-remote (>=4.4.1 <=5.0.0)

next-mdx-remote NPM version =4.4.1, =1.3.2, =1.61.0, =1.1.1, =0.0.2, =1.0.0, =0.1.1, =0.0.1, =2.13.2, =0.0.3, =0.2.0, =0.5.0, =0.0.66, =0.1.10-0 and more Source cves: CVE-2026-0969 Source advisory: OSV:GHSA-G4XW-JXRG-5F6M...

CVE-2026-0964

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

@cenk1cenk2/renovate-config (>=2.0.0 <=2.3.148), @jamietanna/patch-testing (>=0.1.0 <=0.2.28) +8 more potentially affected by unknown CVE via renovate (>=32.241.11 <=40.21.2)

renovate NPM version =32.241.11, =2.0.0, =0.1.0, =0.1.0, =0.5.0, =0.1.0, =0.1.0, =0.0.1, =0.19.0 - @zotero-chinese/renovate-config =1.0.3 Source cves: unknown CVE Source advisory: OSV:GHSA-36J9-MX87-2CFF...

CVE-2023-40204

Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager.This issue affects Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2...

ECHO-DA22-2BDE-8B83

Bulletin has no description...

MAL-2025-192872 Malicious code in sturdyfetch3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51688b3b85839d3b57f16cceb31d5a8eea4de19c3d9ad73395386c9a7b0ef1ca The package sturdyfetch3 was found to contain malicious code...