SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2026:2039-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2039-1 advisory. This update for MozillaFirefox fixes the following issue Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-48 bsc1265212 -...

CODESYS Development System 安全漏洞

CODESYS Development System is a set of programming tools developed by the German company CODESYS, used in the fields of industrial controllers and automation technology. There is a security vulnerability in the CODESYS Development System. This vulnerability stems from the incorrect default...

PT-2026-43362

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

Falco 0.44.0

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco...

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...

OSV-2026-808 Heap-buffer-overflow in ihevcd_fmt_conv

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515994900 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcdfmtconv ihevcdprocessthread startthread...

Malicious code in loading-session (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 640bfe1e0b6627e78ec34ef2d97df0d5d29d912446883f284c15935cc8f6f996 Package advertises itself via a verbatim copy of pino's README, docs/, and index.d.ts TypeScript types and documentation are pino's, but index.js doe...

MAL-2026-4600 Malicious code in loading-session (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 640bfe1e0b6627e78ec34ef2d97df0d5d29d912446883f284c15935cc8f6f996 Package advertises itself via a verbatim copy of pino's README, docs/, and index.d.ts TypeScript types and documentation are pino's, but index.js doe...

Demystifying the Mythos or Disrupting Bugonomics? from Zero-Day Asymmetry to Defender Remediation Throughput

Recent demonstrations of large language models producing candidate and confirmed vulnerabilities in production software have renewed the narrative that AI will reshape offensive and defensive security. Headlines emphasize capability; they rarely interrogate costs and incentives. This paper examin...

Malicious code in pg-expense-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1d939ad3f0e8e9754bf3562f06692713a76d5c0f18ac13c956f9cb199ed0fbf On require/load, index.js unconditionally collects host identifiers hostname, username, platform, arch, cwd, pid and sends them as URL query paramete...

Exploit for Untrusted Pointer Dereference in Microsoft

ntoskrnl-metadata An IDA Python script for extracting critica...

Malicious code in orca-website (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c52f7fe46d56cb45880942f5266494a2654d9d330914a6c3c99f02045eacd1dc On require/import, index.js collects host identifiers os.hostname, os.userInfo.username, os.platform, os.arch, process.cwd, process.pid, timestamp an...

Malicious code in tailwind-style-typography (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0818530f40672586168012538662486135f040526d0e4377f362b6bfe2f61bd2 The package name impersonates the official @tailwindcss/typography plugin and replicates its README and source verbatim including links to...

Malicious code in events-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5482b17f0abd8f4ae8fed4fa5c53ea035a15b252efec406ae65dfe3365a7412 [email protected] impersonates the events EventEmitter polyfill README and Travis badge copied verbatim from browserify/events and ships a...

OPENSUSE-SU-2026:20789-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues - Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-48 bsc1265212. MFSA 2026-48: - CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT component. - CVE-2026-8391: Other issue in the JavaScript Engine...

Malicious code in share-anything-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 290f9dadaf589349dd8a7c641450aca713a6ead63b2ba685c15e4e6a37ab3b07 The package's package.json declares a postinstall lifecycle hook "postinstall": "node install.js" that runs install.js automatically on npm install...

MAL-2026-4668 Malicious code in share-anything-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 290f9dadaf589349dd8a7c641450aca713a6ead63b2ba685c15e4e6a37ab3b07 The package's package.json declares a postinstall lifecycle hook "postinstall": "node install.js" that runs install.js automatically on npm install...

CVE-2026-4646

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint.. Mattermost Advisory ID:...

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

PT-2026-42748

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint.. Mattermost Advisory ID:...