MINI-XJ4C-CV5P-95RP
Bulletin has no description...
MINI-5WRM-W97R-F7VJ
Bulletin has no description...
BIT-ARGO-WORKFLOWS-2026-42296 Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...
BELL-CVE-2026-41142
Bulletin has no description...
MINI-G8Q2-6M3J-H53R
Bulletin has no description...
MINI-8PF7-P5M6-4R8J
Bulletin has no description...
Malicious code in @uipath/context-grounding-tool (npm)
Source: ghsa-malware (08219b377dcb6cc4d5e37e03ac84d8fbce414fc1388eda8d60092c4f468c3cac). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3541 Malicious code in @uipath/context-grounding-tool (npm)
Source: ghsa-malware (08219b377dcb6cc4d5e37e03ac84d8fbce414fc1388eda8d60092c4f468c3cac). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2026-43309
In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions. This occurs when: - A dm-raid managed...
@tanstack/react-start (=1.166.4), @tanstack/react-start-client (=1.166.4) +11 more potentially affected by unknown CVE via @tanstack/start-storage-context (=1.166.4)
@tanstack/start-storage-context NPM version =1.166.4 is affected by a known vulnerability. The following packages have a transitive dependency on @tanstack/start-storage-context and may be impacted: - @tanstack/react-start =1.166.4 - @tanstack/react-start-client =1.166.4 -...
MAL-2026-3492 Malicious code in @tanstack/start-storage-context (npm)
Source: amazon-inspector (e7021ac6b47d0f973f936ca9d15cd26f43a01b1151ce691ec8b10be5001be2bb). This version of @tanstack/start-storage-context belongs to the @tanstack/ package family that was compromised via CI cache poisoning, with 42 package...
CTFusion: A CTF-Based Benchmark for LLM Agent Evaluation
Recent advances in Large Language Models (LLMs) have enabled agentic systems for complex, multi-step tasks; cybersecurity is emerging as a prominent application. To evaluate such agents, researchers widely adopt Capture The Flag (CTF) benchmarks. However, current CTF benchmarks reuse existing...
APSB26-52 : Security update available for Adobe Substance 3D Designer
Adobe has released an update for Adobe Substance 3D Designer that addresses important vulnerabilities. Successful exploitation could lead to arbitrary file system read and arbitrary code execution in the context of the current user...
MINI-49PR-JMRX-7HG3
Bulletin has no description...
MINI-47R3-F8VH-C2W5
Bulletin has no description...
@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +39 more potentially affected by CVE-2026-45321 via @tanstack/start-storage-context (>=1.121.0-alpha.28 <=1.166.4)
@tanstack/start-storage-context NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.1.1, =0.0.1, =0.0.1, =1.20.3-alpha.1, =1.121.0-alpha.28, =1.111.10, =1.129.0, =0.0.1, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.121.0-alpha.28, =1.114.29, =1.129.0, =1.131.50 and more Source cves: CVE-2026-45321 Source...
CVE-2026-44336
PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a pat...
CVE-2026-42224
ipl/web is a set of common web components for PHP projects. Prior to versions 0.13.1 and 0.10.3, the vulnerability allows an attacker to inject malicious JavaScript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may ha...
CVE-2026-8321 inkeep agents runAuth Middleware runAuth.ts createDevContext authentication bypass
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is...
CVE-2026-8321
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is...