39500 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-46595
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key,...
ROS-20260524-73-0043
Vulnerability in mariadb related to security configuration errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Invalid handling of CLASS != IN
...
CVE-2026-45078 vulnerabilities
Vulnerabilities for packages: synapse...
GHSA-7FXW-R6JV-74C8 vulnerabilities
Vulnerabilities for packages: drupal...
CVE-2026-46640 vulnerabilities
Vulnerabilities for packages: drupal...
GHSA-24X9-R6Q4-Q93W vulnerabilities
Vulnerabilities for packages: drupal...
CVE-2026-46633 vulnerabilities
Vulnerabilities for packages: drupal...
Malicious code in node-setup-helpers (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-4278 Malicious code in llm-context-compressor (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-4280 Malicious code in node-setup-helpers (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
CVE-2026-41076
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker m...
CVE-2026-42154 vulnerabilities
Vulnerabilities for packages: prometheus, minio...
GHSA-58QX-3VCG-4XPX vulnerabilities
Vulnerabilities for packages: code-server, kubeflow-pipelines, opensearch-dashboards, argo-workflows, langfuse, vitess...
CVE-2026-39965 TypeBot: SSRF via Open Redirect Bypass in HTTP Request and Code Blocks
TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl to block private IPs and cloud metadata hostnames. However, the HTTP clients ky and fetch follow 3...
From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence
In this article 1. Attack chain overview 1. Initial access: Exploiting edge appliances 2. Discovery and reconnaissance 3. Lateral movement and identity compromise 2. Mitigation and protection guidance 1. Microsoft Defender XDR detections 2. Advanced hunting 3. Indicators of compromise IOC 4. MITR...
CVE-2026-25680
Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...
CISA Security Leak
Crazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency CISA maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the...
SUSE CVE-2026-47254
unknown...
SUSE CVE-2026-48029
unknown...