3971 matches found
EUVD-2026-1703
GestSup versions up to and including 3.2.56 contain a pre-authentication stored cross-site scripting (XSS) vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value (for example, to /api/v1/ticket.php), an unauthenticated attacker can cause...
CVE-2021-27426
GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user...
SUSE-SU-2026:20045-1 Security update for glib2
This update for glib2 fixes the following issues: - CVE-2025-13601: Fixed integer overflow in g_escape_uri_string (bsc#1254297) - CVE-2025-14087: Fixed buffer underflow in GVariant parser leads to heap corruption (bsc#1254662) - CVE-2025-14512: Fixed Integer Overflow in GLib GIO Attribute Escaping Caus...
GHSA-6C5R-4WFC-3MCX vulnerabilities
Vulnerabilities for packages: splunk-otel-collector, splunk-otel-collector-fips...
GHSA-QV3P-FMV3-9HWW vulnerabilities
Vulnerabilities for packages: splunk-otel-collector, splunk-otel-collector-fips...
CVE-2021-34429 vulnerabilities
Vulnerabilities for packages: apache-hop, apache-hop-fips...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000205)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000205 advisory. An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the...
EUVD-2026-0467
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0666
A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qfiling 3.13.1 and later...
EUVD-2025-205183
In the Linux kernel, the following vulnerability has been resolved: "mrp: introduce active flags to prevent UAF when applicant uninit". The caller of del_timer_sync() must prevent restarting of the timer, if we have no this synchronization, there is a small probability that the cancellation will not be...
PT-2025-53178
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the driver subsystem, specifically in the soc/xilinx component. A use-after-free condition exists due to the improper handling of a hash table...
Lazarus Group Embed New BeaverTail Variant in Developer Tools
North Korea’s Lazarus Group deploys a new BeaverTail variant to steal credentials and crypto using fake job lures, dev tools, and smart contracts...
Security update for glib2
This update for glib2 fixes the following issues: CVE-2025-14512: integer overflow in the GIO escape_byte_string function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). CVE-2025-14087: buffer underflow in the GVariant parser...
MAL-2025-192436 Malicious code in jsonschema-utf8 (PyPI)
Source: kam193 (61bf4fa82a7c398e580d547d641bc19e3b16ba446191da04f39dcf9cf9a41eab). Package clones a popular package (loguru, jsonschema, ...). While it claims to have some additional features, the real change is an added compiled native library...
CGA-644H-55G8-MMPX
Bulletin has no description...
EUVD-2025-200987
A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system(), which may allow a local user to execute arbitrary commands wi...
MAL-2025-191553 Malicious code in tailwind-scrollbar-variant (npm)
Source: amazon-inspector (5c7a64f578e119daa50df50bd0cd9178bd4035b7ca595a72dc2b10da57b658d9). The package tailwind-scrollbar-variant was found to contain malicious code. Source: ghsa-malware...
Malicious code in tailwind-scrollbar-variant (npm)
Source: amazon-inspector (5c7a64f578e119daa50df50bd0cd9178bd4035b7ca595a72dc2b10da57b658d9). The package tailwind-scrollbar-variant was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-200199
Malicious code in tailwind-scrollbar-variant (npm)...
North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware
The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month. According to Socket, these packages have been downloaded over 31,000 times, and are designed to deliver a variant of OtterCookie that...