
485918 matches found

IBM Security Bulletins
added 2026/06/16 8:4 p.m. | 12 views

Security Bulletin: IBM WebSphere Application Server is affected by a remote code execution vulnerability (CVE-2026-9319)

Summary IBM WebSphere Application Server is affected by a remote code execution vulnerability when using JAX-WS endpoints with WS-Security. Vulnerability Details CVEID:CVE-2026-9319 DESCRIPTION: IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to...

9 CVSS | 6.3 AI score | 0.00441 EPSS
Exploits 0 | Affected Software 1
OSV
added 2026/06/16 7:30 p.m. | 12 views

MAL-2026-5920 Malicious code in pretie_x2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc0da1230156c752bfa8b3456568e30a9eeb73c4100bff87777ae57d9f562e75 Package name pretiex2 and its description 'Opinionated code formatter for modern JavaScript and TypeScript.' with keywords including prettier...

5.8 AI score
Exploits 0 | References 6
OSSF Malicious Packages
added 2026/06/16 7:29 p.m. | 8 views

Malicious code in pretie_x1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6308c285cb943f91fc16f7872bce135b8347b827139f5ad0cf8706ba992f104 Package masquerades as the prettier formatter name pretiex1, description "Opinionated code formatter for modern JavaScript and TypeScript.", keywords...

6.1 AI score
Exploits 0 | References 6
OSV
added 2026/06/16 7:29 p.m. | 7 views

MAL-2026-5919 Malicious code in pretie_x1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6308c285cb943f91fc16f7872bce135b8347b827139f5ad0cf8706ba992f104 Package masquerades as the prettier formatter name pretiex1, description "Opinionated code formatter for modern JavaScript and TypeScript.", keywords...

6.1 AI score
Exploits 0 | References 6
Snyk
added 2026/06/16 7:29 p.m. | 6 views

Deserialization of Untrusted Data

Overview langgraph-checkpoint is a library with base interfaces for LangGraph checkpoint savers. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JsonPlusSerializer while reconstructing Python objects from JSON checkpoint payloads. An attacker can...

7.3 CVSS | 6.2 AI score | 0.00232 EPSS
Exploits 0 | References 2
RedHat Linux
added 2026/06/16 7:17 p.m. | 23 views

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

9.8 CVSS | 5.9 AI score | 0.004 EPSS
Exploits 0 | References 5
NVD
added 2026/06/16 7:17 p.m. | 9 views

CVE-2026-53858

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATEDIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATEDIRECTORY variable to load runtime dependencies from unintended local paths, potentially...

7.1 CVSS | 0.00124 EPSS
Exploits 0 | References 2
NVD
added 2026/06/16 7:16 p.m. | 13 views

CVE-2026-48775

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 4.1.0 and prior, the JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. Under conditions where someone could modify...

6.8 CVSS | 0.00232 EPSS
Exploits 0 | References 1
NVD
added 2026/06/16 7:16 p.m. | 10 views

CVE-2026-47964

DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS | 0.00199 EPSS
Exploits 0 | References 1
CVE
added 2026/06/16 6:51 p.m. | 30 views

CVE-2026-0164

CVE-2026-0164 affects Modem with an out-of-bounds write due to a missing bounds check, enabling remote code execution without extra privileges or user interaction. The vulnerability is classified as RCE with high impact on confidentiality, integrity, and availability. Public sources (NVD/ENISA/NV...

8.8 CVSS | 6.2 AI score | 0.00231 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/06/16 6:51 p.m. | 22 views

CVE-2026-0164

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00231 EPSS
Exploits 0 | References 1
Cvelist
added 2026/06/16 6:51 p.m. | 22 views

CVE-2026-0162

In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00231 EPSS
Exploits 0 | References 1
CVE
added 2026/06/16 6:51 p.m. | 13 views

CVE-2026-0162

Technical details for CVE-2026-0162 are not publicly provided in the connected documents. The available descriptions only indicate a memory corruption in AudioSdpParser.cpp potentially enabling remote code execution. Monitor for updates and additional technical disclosures.

8.8 CVSS | 6.4 AI score | 0.00231 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2026/06/16 6:51 p.m. | 10 views

CVE-2026-0160

The vulnerability CVE-2026-0160 affects the TextRtpPayloadDecoderNode, specifically in DecodeT140 of TextRtpPayloadDecoderNode.cpp. It is caused by a missing bounds check that can result in an out-of-bounds write. The documented impact is remote code execution with no additional privileges requir...

8.8 CVSS | 6.2 AI score | 0.00231 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/06/16 6:51 p.m. | 23 views

CVE-2026-0160

In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00231 EPSS
Exploits 0 | References 1
CVE
added 2026/06/16 6:51 p.m. | 9 views

CVE-2026-0154

CVE-2026-0154 affects the Modem component and describes a memory corruption issue triggered by a SIP REFER request that could enable remote code execution with no additional privileges and without user interaction. The connected documents consistently state this is a Modem/SIP REFER memory corrup...

8.8 CVSS | 6.2 AI score | 0.00231 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/06/16 6:51 p.m. | 21 views

CVE-2026-0154

In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00231 EPSS
Exploits 0 | References 1
Cvelist
added 2026/06/16 6:51 p.m. | 21 views

CVE-2026-0151

In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00231 EPSS
Exploits 0 | References 1
CVE
added 2026/06/16 6:51 p.m. | 10 views

CVE-2026-0151

CVE-2026-0151 describes an out-of-bounds write in the function IntfGraphCreate() (intfgraph.c) caused by an integer overflow. The vulnerability could enable remote code execution with no required privileges and no user interaction. All connected sources consistently cite this exact issue and its ...

8.8 CVSS | 6.3 AI score | 0.00231 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2026/06/16 6:51 p.m. | 12 views

CVE-2026-0149

CVE-2026-0149 describes a heap-based OOB write in RtpSession::rtpSendRtcpPacket that can lead to remote code execution with no extra privileges or user interaction. Affected component mentioned in Android Pixel bulletin is libpixelimsmedia. Connected sources (NVD/OSV) corroborate the same vulnera...

8.8 CVSS | 6.6 AI score | 0.00285 EPSS
Exploits 0 | References 1 | Affected Software 1