CVE-2026-41009 - Local Blobstore may allow arbitrary reads/deletes | Cloud Foundry

MEDIUM CVSSv4: Medium 4.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:L CVSSv3: Medium 5.8 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:L Vendor Cloud Foundry Foundation Versions Affected Severity is MEDIUM unless otherwise noted. BOSH Director – All versions prior to v282.1.12...

golang: cmd/compile: no-op interface conversion bypasses overlap checking

A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data...

CVE-2026-27143

A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially...

Malicious code in tailwind-compile (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bbf65c7619b6b53280e5b8466ad34ab144b9e6f1da1ab9a80fc621001cc380e The package tailwind-compile was found to contain malicious code. Source: ghsa-malware c6dd40384bf67bcd86f55c070ba74b522d8a9531dec334d4604f0b3737cd96...

EUVD-2025-179508

Malicious code in cron-optimize-thread-cat-compile npm...