stigmem-node: Auth-disabled deployments may grant broad anonymous access outside loopback
Impact: Stigmem nodes configured with authentication disabled could grant the anonymous identity broad read/write/federation capabilities if exposed outside a loopback-only local development environment. Impacted users are operators who intentionally disabled authentication while binding the node ...
Fedora 44 : nodejs22 (2026-3b76d8047d)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3b76d8047d advisory. Update to version 22.22.2. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
UNIX Symbolic Link (Symlink) Following
Overview: @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2026-25547 in package @isaacs/brace-expansion
Summary: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2026-25547 in package @isaacs/brace-expansion. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2026-25547. DESCRIPTION: @isaacs/brace-expansion is a hybrid CJS/ESM...
Security Bulletin: IBM DataPower Gateway affected by prototype pollution vulnerability in Lodash
Summary: The affected package is used in the UI and API Gateway Director components. Vulnerability Details: CVEID: CVE-2025-13465. DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause...
Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - January 2026 CPU affects IBM OpenPages
Summary: IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition Quarterly CPU - January 2026 has been published in multiple security bulletins. These products have addressed the...
Security Bulletin: Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System [CVE-2023-38265, CVE-2023-38005]
Summary: Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect Cloud Pak System respectively. IBM Cloud Pak System could allow an authenticated user to perform unauthorized tasks due to improper access controls, and disclose folder location informati...
Security Bulletin: IBM Storage Ceph is vulnerable to Insufficient Verification of Data Authenticity in RGW (CVE-2024-48916)
Summary: The Ceph Rados Gateway (RadosGW) OIDC provider is used by IBM Storage Ceph in RGW (CVE-2024-48916). This bulletin identifies the steps to take to address the vulnerability in Ceph. Vulnerability Details: CVEID: CVE-2024-48916. DESCRIPTION: Ceph is a distributed object, block, and file storage...
Denial of Service Vulnerability in React Server Components
Impact: It was found that the fix to address CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. We recommend updating immediately. The vulnerability exists in versions 19.0.2, 19.1.3, and 19.2.2 of: - react-server-dom-webpac...
VulnCheck KEV: CVE-2025-58443
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without credentials. A fix is...
Arbitrary Code Injection
Overview: @modern-js/utils is a progressive web framework based on React. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe deserialization of RSC payloads from HTTP requests to Server Function endpoints. An unauthenticated attacker can execute arbitrary code ...
Security Bulletin: Due to the use of helm, IBM Kubecost Self Hosted is affected by stack overflow and memory exhaustion
Summary: helm is used by IBM Kubecost Self Hosted as part of the cluster-controller component (CVE-2025-32387, CVE-2025-32386). Vulnerability Details: CVEID: CVE-2025-32387. DESCRIPTION: Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply...
Security Bulletin: A vulnerability in form-data affects IBM Robotic Process Automation and may result in HTTP Parameter Pollution (CVE-2025-7783)
Summary: A vulnerability in form-data affects IBM Robotic Process Automation and may result in HTTP Parameter Pollution. form-data is used by IBM Robotic Process Automation as part of the UI framework. This bulletin identifies the fixes required to address this vulnerability. Vulnerability Details...
EUVD-2021-1490
Malware in sbrugna...
EUVD-2025-19232
Malicious code in bioql PyPI...
EUVD-2024-41533
Malicious code in bioql PyPI...
EUVD-2024-0948
Malicious code in bioql PyPI...
EUVD-2023-0684
Malicious code in bioql PyPI...
EUVD-2022-6906
Malicious code in bioql PyPI...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.80 security and extras update
Red Hat OpenShift Container Platform release 4.12.80 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of...