Linux Distros Unpatched Vulnerability : CVE-2026-48860

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN...

CVE-2026-48860 Distribution-over-TLS LAN allowlist silently bypassed due to sockname/peername confusion in inet_tls_dist

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...

Erlang/OTP 安全漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by the built-in APIs of node.js. Erlang/OTP has security vulnerabilities in versions prior to 11.7.2, as well as versions 11.6.0.2 and 11.2.12.9. The vulnerability stems from the...

ROOT-APP-NPM-CVE-2024-4367 CVE-2024-4367 in @rootio/pdfjs-dist - Patched by Root

Root has patched CVE-2024-4367 in the @rootio/pdfjs-dist package for Root:npm. Multiple fixed versions available...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

[SECURITY] Fedora 44 Update: perl-Dist-Build-0.028-1.fc44

Dist::Build is a Build.PL implementation. Unlike Module::Build::Tiny it is extensible, unlike Module::Build it uses a build graph internally which makes it easy to combine different customizations. It's typically extended by adding a .pl script in planner/...

[SECURITY] Fedora 43 Update: perl-Dist-Build-0.028-1.fc43

Dist::Build is a Build.PL implementation. Unlike Module::Build::Tiny it is extensible, unlike Module::Build it uses a build graph internally which makes it easy to combine different customizations. It's typically extended by adding a .pl script in planner/...

Fedora 43 : perl-Crypt-Argon2 / perl-Dist-Build / perl-ExtUtils-Builder / etc (2026-f2c746ff8e)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-f2c746ff8e advisory. Update to 0.031 2477035 2481131 fixes CVE-2026-8463 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

Fedora 44 : perl-Crypt-Argon2 / perl-Dist-Build / perl-ExtUtils-Builder / etc (2026-dafdad8fd3)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-dafdad8fd3 advisory. Update to 0.031 2477035 2481131 fixes CVE-2026-8463 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

CVE-2026-32847

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...

EUVD-2026-33008

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...

Fedora 45 : perl-Crypt-Argon2 / perl-Dist-Build / perl-ExtUtils-Builder / etc (2026-5d15cef372)

The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-5d15cef372 advisory. Update perl-Crypt-Argon2 to 0.031 2477035 2481131 fixes CVE-2026-8463 Tenable has extracted the preceding description block directly from the Fedora security...

Malicious code in prisma-client-python (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ba0c0f6a1d1bdb5bffb45ca56fb99b8084fba921cc7689b6e8913c0436fe392 The package's CLI flow ppy generate reads dist/index.enc, a 346 KB AES-encrypted blob, decrypts it using a key extracted from dist/key.enc substring...

org.open-metadata:openmetadata-dist (>=0.12.1 <=DEMO_BETA1), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.12.3) +2 more potentially affected by CVE-2026-46481 via org.open-metadata:openmetadata-service (>=DEMO_BETA1 <=1.12.3)

org.open-metadata:openmetadata-service MAVEN version =DEMOBETA1, =0.12.1, =1.12.0, =1.10.0, =1.12.3 - org.open-metadata:openmetadata-ui =0.12.1.preview Source cves: CVE-2026-46481 Source advisory: OSV:GHSA-9VMH-WHC4-7PHG...

MAL-2026-4216 Malicious code in polymarket-trader (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

MAL-2026-4217 Malicious code in polymarket-trading-cli (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

MAL-2026-4212 Malicious code in polymarket-claude-code (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...