Malicious code in @redhat-cloud-services/compliance-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in @redhat-cloud-services/remediations-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
PT-2026-45467
Name of the Vulnerable Software and Affected Versions: CloudPirates Open Source Helm Charts versions prior to commit fcf9302. Description: A GitHub Actions workflow in the pull-request.yaml file executes attacker-controlled code from fork pull requests within a privileged context. This allows for th...
MAL-2026-5133 Malicious code in @redhat-cloud-services/compliance-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-5134 Malicious code in @redhat-cloud-services/config-manager-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
CVE-2026-48116
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separato...
Exploit for CVE-2025-9074
CVE-2025-9074: Docker Engine API Unauthenticated RCE Seve...
[SECURITY] Fedora 43 Update: docker-compose-5.1.4-1.fc43
Define and run multi-container applications with Docker...
[SECURITY] Fedora 44 Update: docker-compose-5.1.4-1.fc44
Define and run multi-container applications with Docker...
CVE-2026-39821 affecting package docker-buildx for versions less than 0.14.0-13
CVE-2026-39821 affecting package docker-buildx for versions less than 0.14.0-13. A patched version of the package is available...
CVE-2026-39830 affecting package docker-compose for versions less than 2.27.0-11
CVE-2026-39830 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...
CVE-2026-39832 affecting package docker-compose for versions less than 2.27.0-11
CVE-2026-39832 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...
CVE-2026-39834 affecting package docker-compose for versions less than 2.27.0-11
CVE-2026-39834 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...
CVE-2026-46597 affecting package docker-buildx for versions less than 0.14.0-13
CVE-2026-46597 affecting package docker-buildx for versions less than 0.14.0-13. A patched version of the package is available...
CVE-2026-39821 affecting package docker-cli for versions less than 25.0.7-3
CVE-2026-39821 affecting package docker-cli for versions less than 25.0.7-3. A patched version of the package is available...
CVE-2026-39829 affecting package docker-buildx for versions less than 0.14.0-13
CVE-2026-39829 affecting package docker-buildx for versions less than 0.14.0-13. A patched version of the package is available...
CVE-2026-46597 affecting package docker-compose for versions less than 2.27.0-11
CVE-2026-46597 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...
CVE-2026-42506 affecting package docker-buildx for versions less than 0.14.0-13
CVE-2026-42506 affecting package docker-buildx for versions less than 0.14.0-13. A patched version of the package is available...
CVE-2026-39830 affecting package docker-buildx for versions less than 0.14.0-13
CVE-2026-39830 affecting package docker-buildx for versions less than 0.14.0-13. A patched version of the package is available...
CVE-2026-39832 affecting package docker-buildx for versions less than 0.14.0-13
CVE-2026-39832 affecting package docker-buildx for versions less than 0.14.0-13. A patched version of the package is available...