CVE-2026-29063 Immutable.js: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5...

CVE-2026-29063

CVE-2026-29063 affects Immutable.js, where prototype pollution is possible via mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs in versions prior to 3.8.3, 4.3.7, and 5.1.5. IBM security bulletins corroborate the issue and list affected IBM products (e.g., Cloud Pak for ...

OESA-2026-1504 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Make sure kthread is running before map update returns The following warning was reported when running stress-mode enabled xdpredirectcpu with some ...

Everon 安全漏洞

Everon is an electric vehicle charging station system developed by Everon Corporation. There is a security vulnerability in Everon, which stems from the fact that the authentication identifiers can be accessed publicly through a web-based map platform...

Mobiliti 安全漏洞

Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a security vulnerability, as the authentication identifiers can be accessed publicly through a web-based map platform...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : ImageMagick vulnerabilities (USN-8069-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8069-1 advisory. It was discovered that ImageMagick did not properly decode certain SUN image files. An attack...

CVE-2026-28789

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map,...

CVE-2026-28789 OliveTin: Unauthenticated DoS via concurrent map writes in OAuth2 state handling

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map,...

EUVD-2026-9873

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map,...

CVE-2026-28789

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map,...

CVE-2026-28789 OliveTin: Unauthenticated DoS via concurrent map writes in OAuth2 state handling

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map,...

CVE-2026-28789

OliveTin prior to 3000.10.3 is vulnerable to an unauthenticated denial-of-service in the OAuth2 login flow. Concurrent requests to /oauth/login can access a shared registeredStates map unsafely, causing a Go runtime panic (fatal error: concurrent map writes) and terminating the process when OAuth...

CVE-2025-40895

A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. A malicious authenticated user with administrator privileges on a Guardian connected to a CMC can edit the Guardian's properties to inject HTML...

CVE-2026-28784

Craft is a content management system CMS. Prior to 5.8.22 and 4.16.18, it is possible to craft a malicious payload using the Twig map filter in text fields that accept Twig input under Settings in the Craft control panel or using the System Messages utility, which could lead to a RCE. For this to...

How a Music Streaming CEO Built an Open-Source Global Threat Map in His Spare Time

Frustrated by fragmented war news, Anghami’s Elie Habib built World Monitor, a platform that fuses global data, like aircraft signals and satellite detections, to track conflicts as they unfold...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005635)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005635 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Use an u64 for bankmap Thee maximum number of MCA banks is 64 MAXNRBANKS, see...

Immutable is vulnerable to Prototype Pollution

Impact What kind of vulnerability is it? Who is impacted? A Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. Affected APIs | API | Notes | | --------------------------------------- |...

GHSA-WF6X-7X77-MVGW Immutable is vulnerable to Prototype Pollution

Impact What kind of vulnerability is it? Who is impacted? A Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. Affected APIs | API | Notes | | --------------------------------------- |...

CVE-2026-28784

Craft is a content management system CMS. Prior to 5.8.22 and 4.16.18, it is possible to craft a malicious payload using the Twig map filter in text fields that accept Twig input under Settings in the Craft control panel or using the System Messages utility, which could lead to a RCE. For this to...

CVE-2026-28784

Craft CMS is affected by a Server-Side Template Injection (Twig map filter) vulnerability prior to versions 5.8.22 and 4.16.18. The issue arises in text fields that accept Twig input (Settings in the Craft Control Panel or via the System Messages utility), allowing an attacker with administrator ...