EUVD-2026-32375

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop initconst from gates Since commit 8ceff24a754a "clk: mediatek: clk-gate: Refactor mtkclkregistergate to use mtkgate struct" the mtkgate structs are no longer just used for initialization/registration, but also...

MAL-2026-4637 Malicious code in pewter-constants (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c9f898fe8ed95b1d549bfff91d7c0dda0f75ada1c32a58af144940cf28b23c5 On npm install, a preinstall hook in callback.js collects os.hostname, os.userInfo.username, process.cwd, the configured npm registry...

CLSA-2026-1779124021 firewalld: Fix of CVE-2026-4948

CVE-2026-4948: use PKACTIONCONFIG instead of PKACTIONCONFIGINFO for setZoneSettings2 and setPolicySettings to require config-write authorization...

PT-2026-38648

Name of the Vulnerable Software and Affected Versions electerm versions 3.x and earlier Description The getConstants IPC handler in src/app/lib/ipc-sync.js serializes the entire process.env object and sends it to the renderer, where it is stored as window.pre.env. This data is accessible to any...

PT-2026-37496

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The pegasus probe function fills USB Request Blocks URBs with hardcoded endpoint pipes without verifying the endpoint descriptors. Specifically, it uses usb rcvbulkpipedev, 1 for RX data...

Malicious Package

Overview @bcs-bank/common-constants is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious code in @bcs-bank/common-constants (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c84c16934aaaeda86ed317c33795f796252ac98aaf9f39208575837332b372 The package @bcs-bank/common-constants was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3265 Malicious code in @bcs-bank/common-constants (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c84c16934aaaeda86ed317c33795f796252ac98aaf9f39208575837332b372 The package @bcs-bank/common-constants was found to contain malicious code. Source: ghsa-malware...

CVE-2025-11762 HubSpot All-In-One Marketing - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure

The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/admin/class-adminconstants.php file. This makes it possible for authenticated attackers, with...

CVE-2025-11762

The CVE-2025-11762 entry concerns the HubSpot All-In-One Marketing – Forms, Popups, Live Chat WordPress plugin. Affected versions are up to and including 11.3.32. The issue is a Sensitive Information Exposure vulnerability in leadin/public/admin/class-adminconstants.php, allowing authenticated at...

EUVD-2026-24626

Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is prior to commit 1.30.0...

CVE-2026-5466

wolfSSL's ECCSI signature verifier wcVerifyEccsiHash decodes the r and s scalars from the signature blob via mpreadunsignedbin with no check that they lie in 1, q-1. A crafted forged signature could verify against any message for any identity, using only publicly-known constants...

CVE-2026-41667

Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is prior to commit 1.30.0...

PT-2026-34261

CVE-2026-41667 Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is… https://t.co/Xi4APjqrso...

CVE-2026-39419 MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged resu...

CVE-2026-5466

wolfSSL's ECCSI signature verifier wcVerifyEccsiHash decodes the r and s scalars from the signature blob via mpreadunsignedbin with no check that they lie in 1, q-1. A crafted forged signature could verify against any message for any identity, using only publicly-known constants...

Trane Tracer SC, Tracer SC+, and Tracer Concierge Use of Hard-Coded, Security-Relevant Constants (CVE-2026-28256)

A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot fo...

CVE-2026-28256

A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts...

@klardaten/n8n-nodes-datevconnect (>=1.0.1 <=1.0.2), @n8n/ai-workflow-builder (>=0.15.0 <=0.30.2) +15 more potentially affected by CVE-2026-33665 via @n8n/constants (>=0.10.0 <=0.13.0)

@n8n/constants NPM version =0.10.0, =1.0.1, =0.15.0, =0.15.0, =0.8.0, =0.16.0, =0.15.0, =1.8.0, =1.41.0, =1.104.0, =1.103.0, =1.0.1, =0.3.3, =0.3.3, =0.2.0, =0.2.1 and more Source cves: CVE-2026-33665 Source advisory: SNYK:JS-N8NCONSTANTS-15837401...

MAL-2026-2134 Malicious code in yelp-biz-action-constants-js-generated (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 063bb3466bef20db9d0f0c8436b384fe8b498ccceef3993ab43e0482b43efc40 The package yelp-biz-action-constants-js-generated was found to contain malicious code. Source: ghsa-malware...