7803 matches found
ROOT-OS-UBUNTU-2204-CVE-2023-53093 CVE-2023-53093 in rootio-linux - Patched by Root
Root has patched CVE-2023-53093 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2024-56742 CVE-2024-56742 in rootio-linux - Patched by Root
Root has patched CVE-2024-56742 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
BIT-SETUPTOOLS-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...
XWiki Platform Distribution Flavor Main - Cross-Site Scripting
XWiki Platform Distribution Flavor Main versions prior to 17.6.0 are vulnerable to reflected cross-site scripting XSS due to improper sanitization of user-supplied input in the extensionId parameter. An attacker can exploit this issue by injecting malicious JavaScript, which will be executed in t...
Powertek Firmware <3.30.30 - Authorization Bypass
Powertek firmware multiple brands before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an...
MAL-2026-10506 Malicious code in node-fsagent (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3a0392a3ddea9b6099e8501fdb827f586a410323cecea214aa50fc1be42183b The package tarball ships archive-sender.js, which archives the host path /root/.codex, splits the tar into 200MB chunks, reconstructs an npm registr...
Malicious code in node-fsagent (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3a0392a3ddea9b6099e8501fdb827f586a410323cecea214aa50fc1be42183b The package tarball ships archive-sender.js, which archives the host path /root/.codex, splits the tar into 200MB chunks, reconstructs an npm registr...
Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft
A new phishing-as-a-service PhaaS operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle AitM tactics, antibot evasion, artificial intelligence AI-assisted lure creation, and post-compromise mailbox operations targeting Microsoft 365 accounts. Distributed...
CVE-2026-56254 capacitor-updater - End-to-End Encryption Bypass via Private Key Distribution
In @capgo/capacitor-updater Cap-go/capgo before 12.128.2, the end-to-end encryption scheme distributes the private key to each device that downloads the app. Because the public key can be derived from the private key, an attacker performing a man-in-the-middle attack or compromising the Capgo...
CVE-2026-56254
CVE-2026-56254 affects "@capgo/capacitor-updater" prior to version 12.128.2. The end‑to‑end encryption scheme distributes the private key to every device that downloads the app, allowing the public key to be derived from the private key. This enables an attacker who can perform a MITM attack or c...
CVE-2026-61474 MISP: Improper sharing group authorization check when adding attributes
An improper authorization check in MISP’s attribute creation endpoint allowed an authenticated user with permission to add attributes to submit a sharinggroupid without triggering the corresponding sharing group authorization check, as long as the attribute distribution value was not explicitly s...
Improper Handling of Unicode Encoding
Overview Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the process that applies exclusion directives from MANIFEST.in due to improper Unicode normalization handling on macOS APFS or HFS+ filesystems. An attacker can cause unintended files to be...
CVE-2026-59890
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...
CVE-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...
CVE-2026-59890
Setuptools vulnerability CVE-2026-59890 affects the setuptools sdist packaging logic. Prior to 83.0.0, FileList exclusions (MANIFEST.in exclude, global-exclude, recursive-exclude, prune) were matched against on-disk file names without Unicode normalization, so an NFD filename on macOS APFS/HFS+ c...
EUVD-2026-42012
The uncanny-automator-pro WordPress plugin before 7.3.0.6 was distributed with malicious code after the vendor's uncanny-automator-pro WordPress plugin before 7.3.0.6 update/distribution infrastructure was compromised; the injected backdoor grants unauthenticated attackers an administrator sessio...
Security update for distribution (important)
openSUSE security update: security update for distribution ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21084-1 Rating: important References: bsc1265429 bsc1265788 bsc1266049 bsc1266629 Cross-References: CVE-2026-33814 CVE-2026-39821 CVE-2026-398...
GHSA-54VG-PFH7-JQ95 Lemur: Crafted CRL/OCSP URLs in uploaded certificates lead to post-authentication SSRF
Summary When verifying an uploaded certificate, lemur/certificates/verify.py extracts the CRL Distribution Point URL and the OCSP responder URL directly from the certificate's extensions and issues outbound requests to those URLs without scheme restriction or destination allow-listing. An...
GO-2026-5185 Distribution's tag deletion bypasses `storage.delete.enabled` configuration in github.com/distribution/distribution
Distribution's tag deletion bypasses storage.delete.enabled configuration in github.com/distribution/distribution...
GO-2026-5094 Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm in github.com/distribution/distribution
Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm in github.com/distribution/distribution...