
933 matches found

OSV
added 2026/05/20 1:09 a.m., 5 views

MAL-2026-4571 Malicious code in get-deps-path (npm)

Source: amazon-inspector 65fa6f34a831aa832f9d88019ce3d0f4011701df6ab0667bd263645208c978ce. On require, get-deps-path immediately invokes getPlugin, which performs an HTTP fetch to https://jsonkeeper.com/b/QBRMI, an anonymous public paste hos...

6.1 AI score
Exploits: 0 | References: 7

OSV
added 2026/05/19 7:16 p.m., 4 views

UBUNTU-CVE-2026-33642

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...

9.9 CVSS | 5.7 AI score | 0.00286 EPSS
Exploits: 1 | References: 5

ATTACKERKB
added 2026/05/19 6:04 p.m., 6 views

CVE-2026-33642

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...

9.9 CVSS | 5.8 AI score | 0.00286 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/05/19 6:04 p.m., 10 views

CVE-2026-33642 Kitty has a Heap Buffer Over-Read/Write via Integer Overflow in compose_rectangles Bounds Check

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...

9.9 CVSS | 5.8 AI score | 0.00286 EPSS
Exploits: 1 | References: 2

Cvelist
added 2026/05/19 6:04 p.m., 29 views

CVE-2026-33642 Kitty has a Heap Buffer Over-Read/Write via Integer Overflow in compose_rectangles Bounds Check

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...

9.9 CVSS | 0.00286 EPSS
Exploits: 1 | References: 2

CVE
added 2026/05/19 6:04 p.m., 14 views

CVE-2026-33642

CVE-2026-33642 affects Kitty up to version 0.46.2. The issue arises in handle_compose_command() in kitty/graphics.c, where 32-bit unsigned arithmetic for composition offsets can wrap and enable a heap buffer over-read/over-write. An attacker who can emit output to a Kitty terminal (e.g., maliciou...

9.9 CVSS | 5.8 AI score | 0.00286 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Debian CVE
added 2026/05/19 6:04 p.m., 8 views

CVE-2026-33642

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...

9.9 CVSS | 5.7 AI score | 0.00286 EPSS
Exploits: 1

CBLMariner
added 2026/05/18 8:36 p.m., 7 views

CVE-2026-35469 affecting package docker-compose for versions less than 2.27.0-10

CVE-2026-35469 affecting package docker-compose for versions less than 2.27.0-10. A patched version of the package is available...

8.7 CVSS | 5.8 AI score | 0.0043 EPSS
Exploits: 0

OSV
added 2026/05/18 1:51 p.m., 1 view

CLEANSTART-2026-FK40318 Security fixes for CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33747, CVE-2026-33748, CVE-2026-34040, CVE-2026-39882, CVE-2026-39883, ghsa-4c29-8rgm-jvjj, ghsa-4vrq-3vrq-g6gg, ghsa-hfvc-g4fc-pqhx, ghsa-p77j-4mvh-x3m3, ghsa-w8rr-5gcm-pp58 applied in versions: 5.1.0-r0

Multiple security vulnerabilities affect the docker-compose package. These issues are resolved in later releases. See references for individual vulnerability details...

9.8 CVSS | 7.1 AI score | 0.08123 EPSS
Exploits: 3 | References: 32

GithubExploit
added 2026/05/18 12:59 a.m., 55 views

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

🚀 Automated Log4Shell CVE-2021-44228 Play & Plug Lab An aut...

10 CVSS | 7.4 AI score | 0.99999 EPSS
Exploits: 345

GithubExploit
added 2026/05/15 12:26 p.m., 55 views

SECpocs

Next.js React Server Components RCE Exploit Exploits CVE-2025...

10 CVSS | 6.4 AI score | 0.99562 EPSS
Exploits: 368

Positive Technologies
added 2026/05/14 12:00 a.m., 8 views

PT-2026-41141

Name of the Vulnerable Software and Affected Versions: Portainer Community Edition versions 2.33.0 through 2.33.7; Portainer Community Edition versions 2.39.0 through 2.39.1; Portainer Community Edition versions prior to 2.41.0. Description: Portainer supports deploying stacks from Git repositories...

9.9 CVSS | 5.9 AI score | 0.00365 EPSS
Exploits: 2 | References: 9

Tenable Nessus
added 2026/05/14 12:00 a.m., 6 views

Fedora 45 : docker-compose (2026-f5bc7ff320)

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f5bc7ff320 advisory. Automatic update for docker-compose-5.1.3-1.fc45. Changelog Wed Apr 15 2026 Bradley G Smith - 5.1.3-1 - Update to release v5.1.3 - Resolves...

9.8 CVSS | 5.9 AI score | 0.00498 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2026/05/13 8:22 p.m., 6 views

CVE-2026-42461

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full...

8.7 CVSS | 5.7 AI score | 0.00309 EPSS
Exploits: 0 | References: 1

GithubExploit
added 2026/05/13 5:02 a.m., 131 views

Exploit for Server-Side Request Forgery in Internlm Lmdeploy

CVE-2026-33626 — LMDeploy Vision-Language SSRF Lab Overvie...

7.5 CVSS | 5.8 AI score | 0.4525 EPSS
Exploits: 2

GithubExploit
added 2026/05/12 12:30 a.m., 68 views

Exploit for Race Condition Enabling Link Following in Linuxfoundation Runc

CVE-2025-31133 Compose Build Lab This lab is a small PaaS sim...

7.8 CVSS | 7.2 AI score | 0.00673 EPSS
Exploits: 2

EUVD
added 2026/05/11 6:31 p.m., 10 views

EUVD-2026-29079

Corteza contains a SQL injection vulnerability in its Microsoft SQL Server MSSQL backend when filtering Compose records by the meta field. This issue affects corteza: 2024.9.8...

6 CVSS | 5.8 AI score | 0.00211 EPSS
Exploits: 0 | References: 3

NVD
added 2026/05/11 4:17 p.m., 11 views

CVE-2026-6093

Corteza contains a SQL injection vulnerability in its Microsoft SQL Server MSSQL backend when filtering Compose records by the meta field. This issue affects corteza: 2024.9.8...

6 CVSS | 0.00211 EPSS
Exploits: 0 | References: 2

CVE
added 2026/05/11 2:03 p.m., 9 views

CVE-2026-6093

CVE-2026-6093 describes a SQL injection vulnerability in Corteza’s MSSQL backend, triggered when filtering Compose records by the meta field. The root cause is incorrect T-SQL string escaping, affecting Corteza 2024.9.8. Exploit details and mitigations are not provided in the connected documen...

6 CVSS | 5.8 AI score | 0.00211 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/11 12:00 a.m., 7 views

PT-2026-39621

Name of the Vulnerable Software and Affected Versions: Corteza version 2024.9.8. Description: An issue exists in the Microsoft SQL Server MSSQL backend when filtering Compose records by the meta field, which allows for SQL injection. SQL injection is a type of flaw that enables an attacker to...

6 CVSS | 5.9 AI score | 0.00211 EPSS
Exploits: 0 | References: 6