66 matches found
SUSE CVE-2026-46238
In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop caching unowned originator pointers in BAT IV. BAT IV keeps the last-hop neighbor address in each neigh_node, but some paths also cache an originator pointer derived from a temporary lookup. That pointer is not own...
CVE-2026-7249 Location Weather <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purging
The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splwupdateblockoptions and lwpcleanweathertransients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with...
PT-2026-21555
Name of the Vulnerable Software and Affected Versions: Aruba HiSpeed Cache WordPress plugin versions prior to 3.0.5. Description: The Aruba HiSpeed Cache WordPress plugin is susceptible to a cross-site request forgery (CSRF) issue impacting several administrative AJAX actions. Specifically, the ahsc...
CVE-2025-71090 nfsd: fix nfsd_file reference leak in nfsd4_add_rdaccess_to_wrdeleg()
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd_file reference leak in nfsd4_add_rdaccess_to_wrdeleg(). nfsd4_add_rdaccess_to_wrdeleg() unconditionally overwrites fp->fi_fds[O_RDONLY] with a newly acquired nfsd_file. However, if the client already has a SHARE_ACCESS_READ open from a...
Adobe Experience Manager (AEM) Unauthenticated Cache Purge
This plugin detects the presence of the Adobe Experience Manager (AEM) Dispatcher cache purge functionality that is accessible without authentication. An unauthenticated cache purge can allow an attacker to clear cached content, leading to potential service disruption or performance degradation. No...
EUVD-2025-29226
Malicious code in bioql PyPI...
EUVD-2025-29260
Malicious code in bioql PyPI...
EUVD-2023-24117
Malicious code in bioql PyPI...
EUVD-2025-2732
Malicious code in bioql PyPI...
EUVD-2025-27524
Malicious code in bioql PyPI...
EUVD-2025-29229
Malicious code in bioql PyPI...
EUVD-2025-22300
Malicious code in bioql PyPI...
GHSA-FRH7-2F84-V9MW is-arrayish@0.3.3 contains malware after npm account takeover
Impact: On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's ow...
GHSA-5FVM-P68V-5WMH color-name@2.0.1 contains malware after npm account takeover
Impact: On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...
GHSA-4X49-VF9V-38PX debug@4.4.2 contains malware after npm account takeover
Impact: On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...
CVE-2025-59145
color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrenc...