avalanche-config-installer (>=0.2.36 <=0.2.43), avalanche-installer (>=0.0.18 <=0.0.32) +38 more potentially affected by unknown CVE via aws-sdk-s3 (>=0.0.26-alpha <=0.9.0)
aws-sdk-s3 CARGO version =0.0.26-alpha, =0.2.36, =0.0.18, =0.0.42, =0.0.5, =0.0.24, =0.0.1, =0.0.0, =0.0.46, =0.1.7, =0.4.0, =0.4.0, =0.1.1, =0.1.0, =0.8.0, =0.8.0, =0.12.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
Improper Certificate Validation
github.com/neuvector/neuvector is vulnerable to improper certificate validation. The vulnerability is due to the lack of TLS certificate verification and absence of response size limits when transmitting anonymous telemetry data, which allows an attacker to perform man-in-the-middle (MITM) attacks ...
CVE-2026-22535
CVE-2026-22535 concerns an attacker with network access and valid credentials who can write to the server topics that control MQTT communications due to unencrypted MQTT protocol. The issue is described across multiple feeds (Red Hat, NVD, CIRCL, CVE lists, EUVD/ENISA, CNNVD, etc.) as a vulnerabi...
CVE-2025-4656 vulnerabilities
Vulnerabilities for packages: splunk-otel-collector...
CVE-2025-6013 vulnerabilities
Vulnerabilities for packages: splunk-otel-collector...
CVE-2025-6013 vulnerabilities
Vulnerabilities for packages: splunk-otel-collector-fips, splunk-otel-collector, vault...
CVE-2025-4656 vulnerabilities
Vulnerabilities for packages: splunk-otel-collector-fips, splunk-otel-collector...
GHSA-9G4H-H484-3578 vulnerabilities
Vulnerabilities for packages: splunk-otel-collector-fips, splunk-otel-collector...
Malicious Package
Overview: open-telemetry-mini-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-76 Malicious code in open-telemetry-mini-client (npm)
Source: amazon-inspector 81ad802a8e687f98fad0939faad9c0b5d2031689d0326e21e70785eade52bf15 The package open-telemetry-mini-client was found to contain malicious code. Source: ghsa-malware...
EUVD-2026-1123
Malicious code in open-telemetry-mini-client npm...
PT-2026-21709
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 148; Firefox ESR versions prior to 115.33; Firefox ESR versions prior to 140.8; Thunderbird versions prior to 148; Thunderbird versions prior to 140.8. Description: A flaw exists due to incorrect boundary conditions within...
PT-2026-27386
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 149; Firefox ESR versions prior to 115.34; Firefox ESR versions prior to 140.9; Thunderbird versions prior to 149; Thunderbird versions prior to 140.9. Description: A sandbox escape exists because of incorrect boundary...
Malicious Package
Overview: @ikarem/telemetry is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
ESET Threat Report H2 2025
This is the H2 2025 issue of the ESET Threat Report. It covers everything from AI malware to NFC threat trends. The threat statistics and trends presented in this report are based on global telemetry data from ESET...
Satellite Cybersecurity across Orbital Altitudes: Analyzing Ground-Based Threats to LEO, MEO, and GEO
The rapid proliferation of satellite constellations, particularly in Low Earth Orbit (LEO), has fundamentally altered the global space infrastructure, shifting the risk landscape from purely kinetic collisions to complex cyber-physical threats. While traditional safety frameworks focus on debris...
RHEL 9 : opentelemetry-collector (RHSA-2025:23729)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:23729 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry. Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via...
New Microsoft e-book: 3 reasons point solutions are holding you back
While patchwork tools slow defenders down and impact visibility into potential cyberthreats, they’re an unfortunate reality for many organizations. As digital risk accelerates and attack surfaces multiply, security leaders are doing their best to stitch together point solutions while trying to...
@agentuity/evals (>=0.0.104 <=2.0.23), @agentuity/hono (>=3.0.0-alpha.0 <=3.0.0-beta.4) +291 more potentially affected by CVE-2025-68154 via systeminformation (>=5.0.6 <=5.27.13)
systeminformation NPM version =5.0.6, =0.0.104, =3.0.0-alpha.0, =0.0.6, =0.0.63, =0.0.2, =3.0.0-alpha.0, =0.1.1, =0.1.1, =4.1.0, =4.0.0-devnet.2-patch.0, =0.0.1-2.1-beta-provision, =0.0.0-test.0, =0.0.0-test.0, =0.0.0-test.0, =5.0.0-private.20260319 and more Source cves: CVE-2025-68154 Source...