Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM WebSphere Remote Server

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM WebSphere Application Server and WebSphere Application Server Liberty have been published in a security bulletin...

Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM WebSphere Remote Server

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM WebSphere Application Server and WebSphere Application Server Liberty have been published in a security bulletin...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2026-9006

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. CVE-2026-9006 Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM WebSphere Remote Server

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM WebSphere Application Server and WebSphere Application Server Liberty have been published in a security bulletin...

CVE-2026-53632

CVE-2026-53632 affects the npm package launch-editor . Before version 2.14.1, it can open arbitrary paths including Windows UNC paths; when a UNC path is opened Windows triggers NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled ...

CVE-2026-12813

Affected software: activepieces (

Astra Linux – Vulnerability in Squid

A issue was discovered in Squid 4.x before 4.15, and in 5.x before 5.0.6. If a remote server sends a certain response header via HTTP or HTTPS, it can lead to a denial of service. This header can potentially appear in legitimate network traffic...

CVE-2026-55201

Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the downloaddir function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem...

launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

Summary The launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled SMB server. This can result ...

MAL-2026-5785 Malicious code in ve-hemi-rewards (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8252216c6621e6391775d34f5e32815ab8c2a830df080fed52113b4cf855aa1 On npm install, the package's preinstall lifecycle invokes postinstall.js, which collects hostname, username, and current working directory, then...

Malicious code in 0x2ai-demo6x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf57dfddd0bfd0def03360ae66ea88dd6d4e875cbcb42880a4277eb2d1df269a On npm install, scripts/postinstall.cjs recursively copies the package's payload/ directory into process.env.INITCWD the installer's project root,...

Malicious code in gpt-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b9bdc5e04979d5b4f73407bcedaecc9df24dbb03e0bfbc0edefe333023dc50c On npm install, postinstall.js runs unconditionally and collects a wide range of installer-side reconnaissance data: hostname and FQDN, contents of...

MAL-2026-5612 Malicious code in gpt-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b9bdc5e04979d5b4f73407bcedaecc9df24dbb03e0bfbc0edefe333023dc50c On npm install, postinstall.js runs unconditionally and collects a wide range of installer-side reconnaissance data: hostname and FQDN, contents of...

MAL-2026-5532 Malicious code in icinga (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbedb312e9cfe0f5cc7783487adc963f142ebcaefa0fb9305a9a535f373b052d PyPI package 'icinga' at version 99.1.0 is a dependency-confusion / typosquat lure against the Icinga monitoring project. It ships no real...

kernel: smb: client: fix OOB reads parsing symlink error response

A flaw was found in the Linux kernel's Server Message Block SMB client. A remote, untrusted server could send a specially crafted symlink error response, leading to an out-of-bounds read vulnerability. This could result in the disclosure of sensitive information from the kernel's memory to a loca...

Malicious code in bittensor-burn-monitor (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d4b7067997b5bc9822e964b16a3b4e78b5ec637086732d143889e577fa2d886 bittensor-burn-monitor advertises itself as a Bittensor subnet burn-rate monitor but ships a covert clipboard logger that exfiltrates installers'...

EUVD-2026-34972

A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been...

CVE-2026-10276

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component getbuildstatus/getbuildlog/triggerbuild. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...

CVE-2026-10690

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component readfile. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2026-8644)

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...