SUSE CVE-2026-43309

In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions. This occurs when: - A dm-raid managed...

@tanstack/react-start (=1.166.4), @tanstack/react-start-client (=1.166.4) +11 more potentially affected by unknown CVE via @tanstack/start-storage-context (=1.166.4)

@tanstack/start-storage-context NPM version =1.166.4 is affected by a known vulnerability. The following packages have a transitive dependency on @tanstack/start-storage-context and may be impacted: - @tanstack/react-start =1.166.4 - @tanstack/react-start-client =1.166.4 -...

MAL-2026-3492 Malicious code in @tanstack/start-storage-context (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7021ac6b47d0f973f936ca9d15cd26f43a01b1151ce691ec8b10be5001be2bb This version of @tanstack/start-storage-context belongs to the @tanstack/ package family that was compromised via CI cache poisoning, with 42 package...

CTFusion: A CTF-Based Benchmark for LLM Agent Evaluation

Recent advances in Large Language Models LLMs have enabled agentic systems for complex, multi-step tasks; cybersecurity is emerging as a prominent application. To evaluate such agents, researchers widely adopt Capture The Flag CTF benchmarks. However, current CTF benchmarks reuse existing...

APSB26-52 : Security update available for Adobe Substance 3D Designer

Adobe has released an update for Adobe Substance 3D Designer that addresses important vulnerabilities. Successful exploitation could lead to arbitrary file system read and arbitrary code execution in the context of the current user...

MINI-49PR-JMRX-7HG3

Bulletin has no description...

MINI-47R3-F8VH-C2W5

Bulletin has no description...

@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +39 more potentially affected by CVE-2026-45321 via @tanstack/start-storage-context (>=1.121.0-alpha.28 <=1.166.4)

@tanstack/start-storage-context NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.1.1, =0.0.1, =0.0.1, =1.20.3-alpha.1, =1.121.0-alpha.28, =1.111.10, =1.129.0, =0.0.1, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.121.0-alpha.28, =1.114.29, =1.129.0, =1.131.50 and more Source cves: CVE-2026-45321 Source...

CVE-2026-44336

PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a pat...

CVE-2026-42224

ipl/web is a set of common web components for php projects. Prior to versions 0.13.1 and 0.10.3, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may ha...

CVE-2026-8321

CVE-2026-8321 affects inkeep agents 0.58.14. The vulnerability lies in the function createDevContext of agents-api/src/middleware/runAuth.ts within the runAuth Middleware, where a manipulation can lead to authentication bypass via an alternate channel. This can be exploited remotely, and public e...

CVE-2026-8321 inkeep agents runAuth Middleware runAuth.ts createDevContext authentication bypass

A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is...

CVE-2026-8321

A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is...

CVE-2026-8321 inkeep agents runAuth Middleware runAuth.ts createDevContext authentication bypass

A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is...

MINI-29QX-MHVH-FMWF

Bulletin has no description...

MINI-VF8R-PX58-F96R

Bulletin has no description...

MINI-PMM5-64VQ-HJ6W

Bulletin has no description...

MINI-VQVV-M4X7-RPRM

Bulletin has no description...

MINI-R5HH-P3WQ-G23Q

Bulletin has no description...

GHSA-7FXV-8WR2-MFC4 Local Path Provisioner Vulnerable to HelperPod Template Injection

Impact A malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by rancher/local-path-provisioner. The helperPod.yaml template is loaded by the provisioner and used to create HelperPods during PVC...