USN-8369-1: Apache Tomcat Connectors vulnerability

It was discovered that Apache Tomcat Connectors used incorrect default permissions for shared memory on Unix-like systems. A local attacker could possibly use this issue to view or modify modjk configuration data in shared memory, resulting in sensitive information exposure or a denial of service...

Malicious Package

Overview @mlspace/connectors is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

CVE-2026-42398 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery CWE-918 in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: “Revert ‘usb: typec: ucsi: add a common function ucsiunregisterconnectors’” The recent commit 87d0e2f41b8c “usb: typec: ucsi: add a common function ucsiunregisterconnectors” introduced a regression that caused NULL dereferencing...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip on writeback when it’s not applicable REASON The dynamic memory safety error detector KASAN detects and generates error messages like “BUG: KASAN: slab-out-of-bounds”. The writeback connector does not suppor...

CVE-2026-8654

Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host...

CVE-2026-8654

Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host...

CVE-2026-8654

Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host...

EUVD-2026-30508

Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host...

CVE-2026-8654

CVE-2026-8654 affects Delphix Continuous Data Connectors. The issue stems from improper input validation, allowing an authenticated user to execute arbitrary operating system commands on the staging or target host. The available documents do not specify affected versions, root cause details beyon...

CVE-2026-8654

Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host...

PT-2026-41270

Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host...

Improper Validation of Syntactic Correctness of Input

Overview org.apache.tomcat:coyote is a maven plugin for Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the processing of HTTP/2 request headers. An attacker can cause unexpected behavior or potentiall...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands that use Kafka connectors are vulnerable to loss of confidentiality (CVE-2025-12183, CVE-2025-66566)

Summary Java module lz4 is used by IBM App Connect Enterprise Certified Container when connecting to Kafka servers. IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands that use Kafka connectors are vulnerable to loss of confidentiality. This bulletin...

MAL-2026-3343 Malicious code in @atlan/connectors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22a96e40cb459d89624b2ce0705942ad4d54d8279e780c66fe2d2fa3f727cef1 The package @atlan/connectors was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview @atlan/connectors is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in @atlan/connectors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22a96e40cb459d89624b2ce0705942ad4d54d8279e780c66fe2d2fa3f727cef1 The package @atlan/connectors was found to contain malicious code. Source: ghsa-malware...

Astra Linux - уязвимость в chromium

The use of after free in Device Trust Connectors in Google Chrome before version 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Handle incorrect numconnectors capability The UCSI spec states that the numconnectors field is 7 bits, and the 8th bit is reserved and should be set to zero. Some buggy FW has been known to set this bit, and it...