CVE-2026-35352 vulnerabilities
Vulnerabilities for packages: uutils...
[SECURITY] Fedora 44 Update: dovecot-2.4.4-1.fc44
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages...
Linux Distros Unpatched Vulnerability : CVE-2026-48827
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows...
Linux Distros Unpatched Vulnerability : CVE-2025-60485
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A segmentation violation in the gfisomapplesettagex function /isomedia/isomwrite.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of...
GHSA-Q6M9-XJ2W-XMRC vulnerabilities
Vulnerabilities for packages: uutils...
GHSA-5V4G-VW9X-H534 vulnerabilities
Vulnerabilities for packages: uutils...
GHSA-898C-Q2CR-XWHG vulnerabilities
Vulnerabilities for packages: kubeflow-centraldashboard, librechat, nextcloud-server, opensearch-dashboards-fips, wazuh-dashboard, gitlab-rails-ce-fips, prism, jitsucom-jitsu, langfuse-fips, wazuh-dashboard-fips, opensearch-dashboards, lerna, langfuse, unleash, kibana, redisinsight, gitlab-rails-...
GHSA-35JP-WW65-95WH vulnerabilities
Vulnerabilities for packages: kubeflow-centraldashboard, librechat, nextcloud-server, opensearch-dashboards-fips, wazuh-dashboard, gitlab-rails-ce-fips, prism, jitsucom-jitsu, langfuse-fips, wazuh-dashboard-fips, opensearch-dashboards, lerna, langfuse, unleash, kibana, redisinsight, gitlab-rails-...
CVE-2026-44492 vulnerabilities
Vulnerabilities for packages: kubeflow-centraldashboard, librechat, nextcloud-server, opensearch-dashboards-fips, wazuh-dashboard, gitlab-rails-ce-fips, prism, jitsucom-jitsu, langfuse-fips, wazuh-dashboard-fips, opensearch-dashboards, lerna, langfuse, unleash, kibana, redisinsight, gitlab-rails-...
Vulnerability Disclosure in the Age of AI
New article: "Responsible Disclosure in the Age of AI: A Call for Urgent Action," by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally reshaping the balance between vulnerability discovery and remediation. Frontier AI models are now capable of autonomously identifying exploitab...
Malicious code in chai-as-minted (npm)
Source: ghsa-malware 24d83ed5082a6682efba4b40e072e84fb1f7c6aa0dbf8ecd56a62c8d485e058e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-46605
Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with proper permissions. This issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ All: before 5.19.7, fr...
Malicious code in @redhat-cloud-services/frontend-components-remediations (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
SECUREVENT: Hybrid AI/ML Security Monitoring for Distributed Event-Based Systems
Distributed event-based systems have become a common substrate for Internet-scale publish/subscribe services, IoT telemetry, cloud-native microservices, and security operations pipelines. Their loose coupling and asynchronous delivery improve scalability, but they also expand the attack surface:...
CVE-2026-43513
Improper Handling of Case Sensitivity vulnerability in LockOutRealm in...
Linux Distros Unpatched Vulnerability : CVE-2024-13745
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - edk2 - None Ubuntu Linux - Unknown description CVE-2024-13745 Note that Nessus relies on the presence of the package as reported by the vendor...
Linux Distros Unpatched Vulnerability : CVE-2026-42250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bzip2 contains an off-by-one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out-of-bounds write to a globa...
Malicious code in @redhat-cloud-services/types (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious Package
Overview: Sicoob-Cooperativa.Sicoob.Investimentos is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...
Exploit for CVE-2026-8836
CVE-2026-8836 — lwIP SNMPv3 Stack Overflow PoC Proof of conce...