37 matches found

OSV
added 2026/05/19 12:0 a.m. · 4 views

MAL-2026-4158 Malicious code in word-width (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

AI score 5.8 · Exploits 0 · References 5

ATTACKERKB
added 2026/03/05 8:2 p.m. · 2 views

CVE-2026-28353

Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. Trivy VSCode Extension version 1.8.12, which was distributed via the OpenVSX marketplace, was compromised and contained malicious code designed to leverage a local AI coding agent to collect and exfiltrate sensitive...

CVSS 10 · AI score 6 · EPSS 0.00021 · Exploits 0 · References 2

Rapid7 Blog
added 2025/10/16 5:53 p.m. · 5 views

Inside the F5 Breach: What We Know and Recommended Actions

On October 15, 2025, F5 Networks disclosed a breach attributed to a sophisticated nation-state actor. In an SEC 8-K form also filed that same day, F5 confirmed unauthorized access to its internal development and knowledge-management systems dating back to August 9, 2025. Some source-code and...

AI score 6.9 · Exploits 0

EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2024-54615

Malicious code in bioql PyPI...

CVSS 6.9 · AI score 6.5 · EPSS 0.00116 · Exploits 0 · References 2

Positive Technologies
added 2025/05/30 12:0 a.m. · 2 views

PT-2025-23311 · Unknown · Com.Pri.Applock

Name of the Vulnerable Software and Affected Versions: com.pri.applock version 13 version code: 33 com.pri.applock affected versions not specified Description: The application "com.pri.applock" allows users to encrypt applications using a PIN code or biometric data. However, the...

CVSS 6.9 · AI score 6.2 · EPSS 0.00116 · Exploits 0 · References 11

RedHat Linux
added 2025/02/24 12:8 a.m. · 2 views

CXF: directory listing / code exfiltration

A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to ...

CVSS 7.5 · AI score 6.8 · EPSS 0.00121 · Exploits 1 · References 5

RedHat Linux
added 2025/02/24 12:8 a.m. · 17 views

Critical: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.12 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 10 · AI score 7.7 · EPSS 0.94358 · Exploits 399 · References 18

RedHat Linux
added 2025/02/24 12:8 a.m. · 2 views

CXF: directory listing / code exfiltration

A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to ...

CVSS 7.5 · AI score 6.8 · EPSS 0.00121 · Exploits 1 · References 5

Tenable Nessus
added 2025/02/24 12:0 a.m. · 29 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.12 (RHSA-2025:1747)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1747 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

CVSS 10 · AI score 8.9 · EPSS 0.94358 · Exploits 399 · References 35

OSV
added 2025/01/13 10:55 p.m. · 2 views

MAL-2025-78 Malicious code in gatsby-hampton-theme (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14760a588a97ce4f749c5fc92a6eb3c66f77de950ea1a35c92b0dc6ed695b861 Any computer that has this package install...

AI score 7 · Exploits 0 · References 3

OSV
added 2024/12/29 11:37 p.m. · 4 views

MAL-2024-12160 Malicious code in unisocks (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7048c72cc0d604b91309e2009ab3661aa15f1f3199079d12871d1a54a2041b6b Any computer that has this package install...

AI score 7 · Exploits 0 · References 1

IBM Security Bulletins
added 2024/04/11 1:17 p.m. · 27 views

Security Bulletin: IBM Sterling B2B Integrator B2B API vulnerable to multiple issues due to Apache CXF

Summary IBM Sterling B2B Integrator uses Apache CXF. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2022-46363 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when the CXFServlet is...

CVSS 9.8 · AI score 9.1 · EPSS 0.01971 · Exploits 5 · Affected Software 1

IBM Security Bulletins
added 2023/11/14 7:45 p.m. · 28 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details CVEID: CVE-2022-46363 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when the CXFServlet is configured with both the static-resources-list...

CVSS 7.5 · AI score 8.5 · EPSS 0.01503 · Exploits 6 · Affected Software 1

IBM Security Bulletins
added 2023/07/21 12:8 p.m. · 62 views

Security Bulletin: IBM Sterling Global Mailbox is vulnerable to sensitive data exposure due to Apache CXF (CVE-2022-46363)

Summary A security vulnerability has been identified and addressed in Apache CXF shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2022-46363 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when the CXFServlet is...

CVSS 7.5 · AI score 8.3 · EPSS 0.00121 · Exploits 1 · Affected Software 1

RedHat Linux
added 2023/06/29 8:7 p.m. · 3 views

CXF: directory listing / code exfiltration

A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to ...

CVSS 7.5 · AI score 6.9 · EPSS 0.00121 · Exploits 1 · References 5

RedHat Linux
added 2023/06/28 3:59 p.m. · 2 views

CXF: directory listing / code exfiltration

A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to ...

CVSS 7.5 · AI score 6.9 · EPSS 0.00121 · Exploits 1 · References 5

RedHat Linux
added 2023/06/15 3:23 p.m. · 1 views

CXF: directory listing / code exfiltration

A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to ...

CVSS 7.5 · AI score 6.9 · EPSS 0.00121 · Exploits 1 · References 5

RedHat Linux
added 2023/05/04 3:59 p.m. · 5 views

CXF: directory listing / code exfiltration

A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to ...

CVSS 7.5 · AI score 6.9 · EPSS 0.00121 · Exploits 1 · References 5

IBM Security Bulletins
added 2023/05/03 6:1 p.m. · 26 views

Security Bulletin: IBM ECM Content Management Interoperability Services (CMIS) cfx-core security vulnerabilities CVE-2022-46363, CVE-2022-46364

Summary IBM ECM Content Management Interoperability Services CMIS cfx-core security vulnerabilities CVE-2022-46363, CVE-2022-46364, affected, not vulnerable Vulnerability Details CVEID:CVE-2022-46363 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by ...

CVSS 9.8 · AI score 8.9 · EPSS 0.00121 · Exploits 5 · Affected Software 1

IBM Security Bulletins
added 2023/04/30 9:16 p.m. · 36 views

Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to remote code execution due to Apache CXF (CVE-2022-46363)

Summary Apache CXF is shipped with IBM Tivoli Business Manager 6.2.0 as part of its web service infrastructure. Information about security vulnerabilities affecting Apache CXF has been published in a security bulletin. Vulnerability Details CVEID:CVE-2022-46363 DESCRIPTION: Apache CXF could allow...

CVSS 7.5 · AI score 8.6 · EPSS 0.00121 · Exploits 1 · Affected Software 1