47663 matches found
CVE-2026-56121
A flaw was found in Feast. This vulnerability allows unauthenticated or unauthorized attackers to achieve remote code execution. By sending a specially crafted gRPC request to the registry server, attackers can exploit an unsafe deserialization process. This enables them to execute operating syst...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.68 bug fix and security update
Red Hat OpenShift Container Platform release 4.13.68 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...
XWiki Platform - SQL Injection
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, anyone can inject SQL through the sort parameter of getdeleteddocuments.vm. It's injected as is as an...
XWiki Platform - Remote Code Execution
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document SkinsCode.XWikiSkinsSheet leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute...
Sitecore - Remote Code Execution
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. id: CVE-2023-35813 info: name: Sitecore - Remote Code Execution author: DhiyaneshDk,iamnoooob severity: critical description: | Multiple Sitecore...
CVE-2026-8330
GitLab CE/EE versions affected: all 9.3–<18.11.6, 19.0–<19.0.3, and 19.1–
GHSA-5HH8-Q8HV-FR38 vulnerabilities
Vulnerabilities for packages: airbyte-server, apache-activemq-fips, infinispan, geoserver, spdx-tools-java, apicurio-registry, trino, strimzi-kafka-operator, thingsboard, apache-tomee, nacos, request-9047-keycloak-fips, airbyte-server-fips, strimzi-kafka-operator-fips...
GHSA-MX8G-39Q3-5C79 vulnerabilities
Vulnerabilities for packages: argo-workflows...
GHSA-9FXM-VC8V-HJ55 vulnerabilities
Vulnerabilities for packages: trino, apicurio-registry, spdx-tools-java, infinispan, thingsboard, strimzi-kafka-operator...
CVE-2026-50551

creationtimestamp| type| source
---|---|---
2026-06-25 02:08:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp3dwi46mr2x
2026-06-25 03:00:27+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mp3gsuacvy2b
2026-06-25 03:00:28+00:00| seen|...

EUVD-2026-39160
OS Command Injection vulnerability in the processstring action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline...
CVE-2026-8592
The CVE-2026-8592 entry describes an OS Command Injection in the process_string action of the Rapid7 InsightConnect AWK Plugin on Linux, caused by unsafe shell command construction in the processing pipeline. The vulnerability could allow remote attackers to execute arbitrary OS commands via the ...
CVE-2026-8664
CVE-2026-8664 affects the Rapid7 InsightConnect Finger Plugin on Linux. The vulnerability is an OS Command Injection caused by insufficient input validation during shell command construction, allowing an authenticated attacker to execute arbitrary OS commands via the user or host parameters. The ...
CVE-2020-15323

creationtimestamp| type| source
---|---|---
2026-06-25 01:07:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mp3ai6xceu2n...

EUVD-2026-39152
OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the apihost or apiport parameters during connection configuration due to insufficient input validation...
PTC Windchill and FlexPLM Improper Input Validation Vulnerability
PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network...
Malicious code in leo-logger (npm)
The leo-logger npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in leo-connector-redshift (npm)
The leo-connector-redshift npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...
Malicious code in leo-cdk-lib (npm)
The leo-cdk-lib npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in leo-aws (npm)
The leo-aws npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...