14 matches found
CVE-2026-53259
CVE-2026-53259 describes a Linux kernel slab-use-after-free in ipv6_acaddr handling. The bug occurs in the ipv6 anycast path where an aca (ipv6_acaddr) is published to idev->ac_list under idev->lock but inserted into the global inet6_acaddr_lst hash after unlock, allowing a concurrent teard...
Malicious code in aca-review-apps (npm)
Source: amazon-inspector 4019ca27647236621668ae5e45dd104c23d60ad5b64fd5179ad09efda40cc345 The package aca-review-apps was found to contain malicious code...
MAL-2026-2720 Malicious code in aca-review-apps (npm)
Source: amazon-inspector 4019ca27647236621668ae5e45dd104c23d60ad5b64fd5179ad09efda40cc345 The package aca-review-apps was found to contain malicious code...
@alfresco/aca-generators (>=1.0.0 <=1.0.1), @alfresco/adw-generators (>=1.0.0 <=1.0.1) +98 more potentially affected by CVE-2025-10894 via nx (>=21.5.1-beta.3 <=21.7.0-canary.20250930-e144408)
nx NPM version =21.5.1-beta.3, =1.0.0, =1.0.0, =0.0.1, =11.0.0, =0.52.0, =2.23.0, =0.7.10, =1.0.0, =3.22.0, =9.0.0-next.68, =1.4.0, =3.1.1, =1.0.0, =1.1.2 and more Source cves: CVE-2025-10894 Source advisory: OSV:MAL-2025-41443...
CVE-2024-21669
Hyperledger Aries Cloud Agent Python (ACA-Py) contains CVE-2024-21669: when verifying W3C JSON-LD Verifiable Credentials with Linked Data Proofs (LDP-VCs), the result of validating document.proof is not factored into the final presentation verification. This allows holders to present incorrectly ...
Malicious code in @syska/aca-gui (npm)
Source: ossf-package-analysis c3f4460092e1b289ec60a15ed80e3a418d95fc95a42072bc38a787c9db2f5cf1 The OpenSSF Package Analysis project identified '@syska/aca-gui' @ 99.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2023-8390 Malicious code in @syska/aca-gui (npm)
Source: ossf-package-analysis c3f4460092e1b289ec60a15ed80e3a418d95fc95a42072bc38a787c9db2f5cf1 The OpenSSF Package Analysis project identified '@syska/aca-gui' @ 99.0.0 npm as malicious. It is considered malicious because: - The package...
aca-uat.adp.com Cross Site Scripting vulnerability OBB-3079165
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2021-3160
Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server...
Deserialization of untrusted data
Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server...
CVE-2021-3160
CVE-2021-3160 affects the login page of ASSUWEB 359.3 build 1, a subcomponent of ACA ASSUREX RENTES. The issue is deserialization of untrusted data, allowing a remote attacker to craft an HTTP request that injects an unsecure serialized Java object, resulting in unauthenticated remote code execut...
Aca Assurex Rentes Code Issue Vulnerability
Aca Assurex Rentes is a SaaS service for the management of all types of funds from the French company Aca. The service covers the entire lifecycle of an annuity contract: liquidation, calculation simulation, pricing, arrears calculation, payments, revaluation, justification, calculation of...
The CMS Allows Health Plans to Host Their Own Enrollment Applications for Improved Consumer Experience
As part of the ongoing implementation of the Affordable Care Act (ACA), the Centers for Medicare and Medicaid Services (CMS) recently began permitting direct enrollment entities (qualified health plan issuers and web-brokers) to host their own enrollment applications on their websites instead of proxyi...
Obamacare Website Denial-of-Service Tool Discovered
Arbor Networks’ Security Engineering and Response Team (ASERT) has discovered a denial-of-service tool specifically designed to target the U.S. government’s healthcare enrollment marketplace, Healthcare.gov. Healthcare.gov is established by the Affordable Care Act (ACA) in the United States, perhaps...