Unity Linux 20.1060e / 20.1070e Security Update: ant (UTSA-2026-016612)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016612 advisory. When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memor...

Unity Linux 20.1060e / 20.1070e Security Update: ant (UTSA-2026-016647)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016647 advisory. As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them...

Unity Linux 20.1060e / 20.1070e Security Update: ant (UTSA-2026-016617)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016617 advisory. When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even f...

@agentscope-ai/chat (>=1.1.43 <=1.1.63-beta.1778041790294), @ant-design/charts (>=2.2.2 <=2.6.7) +78 more potentially affected by unknown CVE via @antv/graphin (=3.0.5)

@antv/graphin NPM version =3.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/graphin and may be impacted: - @agentscope-ai/chat =1.1.43, =2.2.2, =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0-beta.0, =1.0.1, =1.0.0, =1.0.0,...

@ant-design/charts (>=1.0.17-beta.1 <=1.1.4-alpha.0), @thcloud/vmap (>=1.0.1 <=1.0.2) +7 more potentially affected by unknown CVE via @antv/l7-district (=2.3.12)

@antv/l7-district NPM version =2.3.12 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/l7-district and may be impacted: - @ant-design/charts =1.0.17-beta.1, =1.0.1, =0.1.0, =4.4.1, =1.0.13, =1.0.0, =1.0.0, =2.0.2, =2.1.8 Source cves: unknown CVE...

@ant-design/graphs (>=2.0.0 <=2.0.4), @antv/g6-extension-react (>=0.0.1 <=0.1.19) potentially affected by unknown CVE via @antv/react-g (=2.1.1)

@antv/react-g NPM version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/react-g and may be impacted: - @ant-design/graphs =2.0.0, =0.0.1, =0.1.19 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4076...

CVE-2026-43892

AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16...

CVE-2026-43892 AntSword: Incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection

AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16...

EUVD-2026-29721

AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16...

CVE-2026-43892 AntSword: Incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection

AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16...

PT-2026-40329

AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16...

RHCOS 4 : OpenShift Container Platform 4.6.17 (RHSA-2021:0423)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0423 advisory. - ant: insecure temporary file vulnerability CVE-2020-1945 - ant: insecure temporary file CVE-2020-11979 - jenkins: Arbitrary file...

RHCOS 3 : OpenShift Container Platform 3.11.394 (RHSA-2021:0637)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0637 advisory. - ant: insecure temporary file vulnerability CVE-2020-1945 - jenkins-2-plugins/subversion: XML parser is not preventing XML external...

RHCOS 4 : OpenShift Container Platform 4.5.33 (RHSA-2021:0429)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0429 advisory. - ant: insecure temporary file vulnerability CVE-2020-1945 - ant: insecure temporary file CVE-2020-11979 - jenkins: Arbitrary file...

MAL-2026-2669 Malicious code in ant-mcp-proxy-for-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 51df3beb4457da4a841727c91a2517ba5727c841c08f9d43cf2b25be9e476564 During use of the package, it silently downloads and executes remote executables or scripts. During analysis, the remote resources were no longer available. Th...

Malicious code in ant-mcp-proxy-for-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 51df3beb4457da4a841727c91a2517ba5727c841c08f9d43cf2b25be9e476564 During use of the package, it silently downloads and executes remote executables or scripts. During analysis, the remote resources were no longer available. Th...

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to ant

Summary Ant is used by IBM webMethods BPM for internal build and deployment operations. Vulnerability Details CVEID:CVE-2012-2098 DESCRIPTION: Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream BZip2CompressorOutputStream in Apache Commons Compress before...

CVE-2023-31707

SEMCMS 1.5 is vulnerable to SQL Injection via AntRponse.php...

CVE-2019-18350

In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET parameter affects the authorization component, leading to execution of JavaScript code in the login after-action script...

EUVD-2025-199366

Malicious code in gatsby-plugin-antd npm...