Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...
Security Bulletin: Due to use of compiler-18.2.14.tgz, IBM Sterling Connect:Direct Web Services is affected by Cross-Site Scripting (XSS).
Summary compiler-18.2.14.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2025-66412, CVE-2026-22610. Vulnerability Details CVEID:CVE-2025-66412 DESCRIPTION: Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other...
Security Bulletin: Due to use of node-forge-1.3.1.tgz, IBM Sterling Connect:Direct Web Services is affected by Denial of Service (DoS).
Summary node-forge-1.3.1.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-33891, CVE-2026-33894, CVE-2026-33895, CVE-2026-33896. Vulnerability Details CVEID:CVE-2026-33891 DESCRIPTION: Forge also called node-forge is a native implementation of Transport Layer Security in JavaScrip...
Security Bulletin: node-forge-1.3.1.tgz, IBM Sterling Connect:Direct Web Services is affected by bypass downstream cryptographic verifications and security decisions.
Summary node-forge-1.3.1.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2025-12816, CVE-2025-66030, CVE-2025-66031. Vulnerability Details CVEID:CVE-2025-12816 DESCRIPTION: An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticat...
Security Bulletin: common-18.2.14.tgz, IBM Sterling Connect:Direct Web Services is affected by Credential Leak by App Logic that leads to the unauthorized disclosure.
Summary common-18.2.14.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2025-66035. Vulnerability Details CVEID:CVE-2025-66035 DESCRIPTION: Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to...
SUSE-SU-2026:21980-1 Security update for rsync
This update for rsync fixes the following issues - CVE-2025-10158: Out of bounds array access via negative index bsc1254441. - CVE-2026-29518: Symlink-Race TOCTOU in Daemon use chroot = no bsc1264511. - CVE-2026-41035: count of entries mismatch can lead to a use-after-free bsc1262223. -...
EUVD-2026-33776
In btajvrfcommconnect of btajvact.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0045
In btajvrfcommconnect of btajvact.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-45284
Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that were provided by LDAP to still authenticate towards user OIDC after they were deleted. This issue has been patched in version 8.4.0...
CVE-2026-45278
Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attacker's link to log in via user OIDC. This issue has been patched in version 8.2.2...
CVE-2026-49135
CVE-2026-49135 affects CodexBar up to version 0.31.x (before 0.32.0). The issue is insecure temporary file handling in the notarization workflow, enabling a local attacker with access to the same host to read the App Store Connect API key written to a fixed path, pre-create files or symlinks to r...
EUVD-2026-33751
CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same host can read...
CVE-2026-49135 CodexBar < 0.32.0 Insecure Temporary File Handling in Notarization Workflow
CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same host can read...
CVE-2026-45284 Nextcloud: Wrong condition in the User OIDC app's LdapService allowed deleted LDAP users to authenticate
Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that were provided by LDAP to still authenticate towards user OIDC after they were deleted. This issue has been patched in version 8.4.0...
CVE-2026-45284
Nextcloud vulnerability CVE-2026-45284 affects the User OIDC LdapService in the Nextcloud platform. From version 1.3.6 up to, but not including, 8.4.0, an improper check allowed LDAP-authenticated users who had been deleted to continue authenticating via OIDC. This could permit access to accounts...
EUVD-2026-33710
Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that were provided by LDAP to still authenticate towards user OIDC after they were deleted. This issue has been patched in version 8.4.0...