Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2026-118 (ALASDOCKER-2026-118)

The version of soci-snapshotter installed on the remote host is prior to 0.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-118 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go...

UBUNTU-CVE-2026-44728

Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. This vulnerability is fixed in 7.29.4 and...

CVE-2026-44728

CVE-2026-44728 affects Babel, a JavaScript compiler. Vulnerability occurs when compiling code that is specifically crafted by an attacker, enabling output code to execute arbitrary code. Affects Babel versions 7.12.0 through before 7.29.4 and 8.0.0-alpha.13. Root cause is the generation of advers...

Babel 安全漏洞

Babel is a JavaScript compiler developed by Babel OpenSource. Versions of Babel from 7.12.0 to 7.29.4, as well as 8.0.0-alpha.13, have security vulnerabilities. These vulnerabilities stem from the possibility of generating outputs that can execute arbitrary code during the compilation of speciall...

Important: amazon-cloudwatch-agent

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

Medium: soci-snapshotter

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

Malicious code in vue-compiler-sfc-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c320320435358c109567ef3776ced079a2196b831b583b66c87323ddf402bae9 Package name and README impersonate the official @vue/compiler-sfc package; index.js merely re-exports it. The npm postinstall hook runs...

MAL-2026-4707 Malicious code in vue-compiler-sfc-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c320320435358c109567ef3776ced079a2196b831b583b66c87323ddf402bae9 Package name and README impersonate the official @vue/compiler-sfc package; index.js merely re-exports it. The npm postinstall hook runs...

Database-Exploitation-Manual

🛡️ SecDB Auditor - Database Security Compiling Suite & Manual...

gcc-toolset-13-gcc bug fix and enhancement update

An update is available for gcc-toolset-13-gcc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gcc-toolset-13-gcc13 package contains the GNU Compiler...

CLSA-2026-1779361233 java-1.8.0-openjdk: Fix of 7 CVEs

Update to shenandoah-jdk8u492-b09 - Security fixes from OpenJDK 8u492-b09: - CVE-2026-22007: enhance crypto algorithm support - CVE-2026-22013: improve Kerberos credentialing - CVE-2026-22016: enhance Path Factories Redux - CVE-2026-22018: enhance Zip file reading - CVE-2026-22021: enhance...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: can: etases58x: es58xrxerrmsg – fixed a memory leak in the error handling path. In es58xrxerrmsg, if can-dosetmode fails, the function directly returns without calling netifrxskb. This means that the skb allocated by alloccanerrs...

Astra Linux – Vulnerability in openjdk-11

Vulnerability in Oracle Java SE Component: Compiler. The supported versions affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. This vulnerability is difficult to exploit, allowing an unauthenticated attacker with network access via multiple protocols to compromise...

PT-2026-42173

Name of the Vulnerable Software and Affected Versions Twig affected versions not specified Description The Compiler::string function fails to escape single quotes when generating PHP double-quoted string literals. In ModuleNode::compileConstructor, template names from a % use % tag are processed...

Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1671)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1671 advisory. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. CVE-2025-47913 Arithmetic over induction variables in loops...

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2026-1660)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1660 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...

Amazon Linux 2023 : ecs-init (ALAS2023-2026-1637)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1637 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1645)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1645 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...

com.squareup.wire:com.squareup.wire.gradle.plugin (>=7.0.0-alpha01 <=7.0.0-alpha02), com.squareup.wire:wire-compiler (>=7.0.0-alpha01 <=7.0.0-alpha02) +11 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime-jvm (>=7.0.0-alpha01 <=7.0.0-alpha02)

com.squareup.wire:wire-runtime-jvm MAVEN version =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha02 Source...

MAL-2026-3968 Malicious code in @antv/g-webgpu-compiler (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...