Important: Red Hat Security Advisory: Updated discovery-cli release RPM versions 2.4.3
Updated Discovery Release RPM 2.4.3 for discovery-cli dsc is now available for Discovery 2.4. New 2.4.3 version of discovery-cli dsc is now available for Discovery 2.4. This version contains a fix for CVE-2026-24049...
RHEL 10 / 8 / 9 : Updated discovery-cli RPM versions 2.4.3 (Important) (RHSA-2026:2823)
The remote Red Hat Enterprise Linux 10 / 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:2823 advisory. New 2.4.3 version of discovery-cli dsc is now available for Discovery 2.4. This version contains a fix for CVE-2026-24049. Tenable has...
EFM iptime A6004MX Code Issue Vulnerability
EFM iptime A6004MX is a wireless router produced by the South Korean company EFM. The EFM iptime A6004MX version 14.18.2 has a code vulnerability. This vulnerability stems from an unlimited upload function in the commitvpnclifile Upload function located in the cgi/timepro.cgi file, which could le...
GHSA-QHP6-6P8P-2RQH Wildfly Elytron integration susceptible to brute force attacks via CLI
Impact: A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. Patches: The default behaviour has been changed in...
CVE-2026-26029
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of `child_process.exec` when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...
`sha-rst` was removed from crates.io for malicious code
This crate was used as a dependency by `finch_cli_rust` and finch-rst and contained a malware payload to exfiltrate credentials. The malicious crate had 1 version published on 2025-12-08 and had been downloaded 22 times. Other than the other crates above that were part of the attack, no other crates...
GHSA-6V2J-VR4H-F632 `finch_cli_rust` was removed from crates.io for malicious code
This attempts to typosquat the existing crate finchcli to steal credentials from local files. The malicious crate had 1 version published on 2025-12-08 and had been downloaded 18 times. There were no crates depending on this crate on crates.io. Thanks to Matthias Zepper of NGI Sweden for reportin...
CVE-2026-26014 vulnerabilities
Vulnerabilities for packages: kubo-fips, livekit-server, ipfs-cluster-fips, kubo, livekit-cli, spegel, livekit-server-fips, rke2-runtime, ipfs-cluster, livekit-egress, k3s, rke2-runtime-fips, telegraf, spegel-fips...
@cognigy/cognigy-cli (>=1.9.7 <=2.1.0), @meta-1/nest-ai (>=0.0.1 <=0.0.5) +10 more potentially affected by CVE-2026-26019 via @langchain/community (>=1.0.0 <=1.1.12)
@langchain/community NPM version =1.0.0, =1.9.7, =0.0.1, =0.2.0, =0.0.16, =1.4.13, =1.0.0, =3.1.0, =0.3.0, =0.0.210, =0.1.1, =0.1.2 Source cves: CVE-2026-26019 Source advisory: SNYK:JS-LANGCHAINCOMMUNITY-15268428...
@bloggrify/bento (>=0.9.5 <=1.0.0), @bloggrify/core (>=1.6.0 <=2.0.2) +26 more potentially affected by CVE-2025-69874 via nanotar (=0.1.1)
nanotar NPM version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on nanotar and may be impacted: - @bloggrify/bento =0.9.5, =1.6.0, =1.3.1, =1.2.2, =0.1.2, =51.0.1, =0.3.14, =9.8.3, =1.12.0-rc.5, =0.0.0, =1.1.1, =0.50.0, =0.50.0, =51.0.2 and mor...
Malicious Package
Overview: node-dotenv-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in node-dotenv-cli (npm)
Source: amazon-inspector 76b47bebee6a74c00d3be10fad072e05074a62b29205377f682463290bad39c3 The package node-dotenv-cli was found to contain malicious code. Source: ghsa-malware 5bb66069e2bde985ae448962eaaf6373cd54aa2cd51fb20a0fef26ecb5dee2d...
MAL-2026-853 Malicious code in node-dotenv-cli (npm)
Source: amazon-inspector 76b47bebee6a74c00d3be10fad072e05074a62b29205377f682463290bad39c3 The package node-dotenv-cli was found to contain malicious code. Source: ghsa-malware 5bb66069e2bde985ae448962eaaf6373cd54aa2cd51fb20a0fef26ecb5dee2d...
CVE-2026-25918
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2, the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...
[SECURITY] Fedora 42 Update: rust-oo7-cli-0.3.3-5.fc42
System keyring access from the terminal...
agent-builder (>=0.0.2 <=0.1.7), agent-memory-layer (>=0.1.0 <=0.1.1) +85 more potentially affected by CVE-2026-26013 via langchain-openai (>=1.0.0 <=1.1.7)
langchain-openai PYPI version =1.0.0, =0.0.2, =0.1.0, =0.1.0, =1.0.6, =1.0.0, =0.1.0, =0.0.4, =3.0.3, =0.0.1, =0.0.48, =0.0.54, =0.1.2, =0.1.3 and more Source cves: CVE-2026-26013 Source advisory: SNYK:PYTHON-LANGCHAINOPENAI-15263095...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: helm-operator, nvidia-container-toolkit, cert-manager-istio-csr, opensearch-k8s-operator, crossplane-provider-azure-managedidentity, victoriametrics-cluster, flux-operator, terraform-mcp-server, kube-state-metrics, sftpgo-plugin-pubsub, victoriametrics, consul-k8s,...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: wire-go, helm-operator, nvidia-container-toolkit, velero-plugin-for-microsoft-azure, velero-plugin-for-csi, cert-manager-istio-csr, opensearch-k8s-operator, crossplane-provider-azure-managedidentity, victoriametrics-cluster, flux-operator, terraform-mcp-server,...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: nats-server, apache-beam-java-sdk, tetragon, gitlab-kas-fips, kubernetes-csi-external-resizer, jaeger-operator, pgwatch, amazon-ecs-agent, grype-fips, stakater-reloader, nsc-fips, vitess, azcopy-fips, kubernetes-ingress-defaultbackend-fips, cert-manager-cmctl,...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: nats-server, tetragon, gitlab-kas-fips, kubernetes-csi-external-resizer, jaeger-operator, pgwatch, amazon-ecs-agent, grype-fips, stakater-reloader, nsc-fips, vitess, azcopy-fips, kubernetes-ingress-defaultbackend-fips, cert-manager-cmctl,...