CVE-2026-40985
Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...
CVE-2026-40985
CVE-2026-40985 affects Spring Web Flow where configurations use the WebFlowELExpressionParser. The vulnerability arises from processing Unified EL expressions, allowing a crafted expression to influence behavior. Affected versions are Spring Web Flow 4.0.0; 3.0.0–3.0.1; and 2.5.0–2.5.1. The conne...
CVE-2026-40985 Data Binding Vulnerability in Spring Web Flow with Unified EL Parser
Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...
Exploit for CVE-2026-2587
CVE-2026-2587 — GlassFish EL Injection RCE...
CLSA-2026-1778268804 Update of java-1.8.0-openjdk
Fix release version format: place .el9 before .tuxcare.els1 suffix; bump rpmrelease to 2...
devqubit-cudaq (=0.1.12), el-loom (>=0.1.1 <=0.1.2) potentially affected by CVE-2026-24189 via cudaq (>=0.12.0.post1 <=0.13.0)
cudaq PYPI version =0.12.0.post1, =0.1.1, =0.1.2 Source cves: CVE-2026-24189 Source advisory: SNYK:PYTHON-CUDAQ-16636605...
Security update 5.1.3 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing (bsc#1259554). Added x86_64_v2 as a possible rpm package architecture. Make users with backslash working for salt-ssh...
SUSE-SU-2026:1523-1 Security update 5.1.3 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Backport security patch for Salt vendored tornado (bsc#1259554): CVE-2026-31958: Add limits on multipart form data parsing - Add x86_64_v2 as a possible rpm package architecture - Make users with backslash working for salt-ssh (bsc#1254629) - Fi...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007468)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007468 advisory. In the Linux kernel, the following vulnerability has been resolved: "KVM: arm64: Prevent access to vCPU events before init". Another day, another syzkaller bug. KVM...
OmniFaces: EL injection via crafted resource name in wildcard CDN mapping
Impact: Server-side EL injection leading to Remote Code Execution (RCE). Affects applications that use CDNResourceHandler with a wildcard CDN mapping, e.g. libraryName:=https://cdn.example.com/. An attacker can craft a resource request URL containing an EL expression in the resource name, which is...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: tomcat10: tomcat10-10.1.54-1.hum1 noarch tomcat10-admin-webapps-10.1.54-1.hum1 noarch tomcat10-common-10.1.54-1.hum1 noarch tomcat10-docs-webapp-10.1.54-1.hum1 noarch...
Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2026-1496)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1496 advisory. Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions...
Malicious Package
Overview: el-icon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in el-icon (npm)
Source: amazon-inspector (2a3c49d25d54c1bd3e1e5ba1ab4996329e8244ba30c1639f977985930fafd91f): The package el-icon was found to contain malicious code. Source: ghsa-malware (a5783aeff6b8639c7ecb526c39e297c96949bead58c8e1aabf1be7417d75e696): Any...
MAL-2026-1947 Malicious code in el-icon (npm)
Source: amazon-inspector (2a3c49d25d54c1bd3e1e5ba1ab4996329e8244ba30c1639f977985930fafd91f): The package el-icon was found to contain malicious code. Source: ghsa-malware (a5783aeff6b8639c7ecb526c39e297c96949bead58c8e1aabf1be7417d75e696): Any...
How Mexico's ‘CJNG’ Drug Cartel Embraced AI, Drones, and Social Media
Drug kingpin Nemesio “El Mencho” Oseguera Cervantes may be dead, but the Jalisco cartel he ran for years will likely outlive him—thanks, in part, to the criminal group’s embrace of technology...
CVE-2025-67998
Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor (miraculous-el) allows Authentication Abuse. This issue affects Miraculous Elementor: from n/a through <= 2.0.7...
PT-2026-21066
Name of the Vulnerable Software and Affected Versions: Miraculous Elementor versions through 2.0.7. Description: An authentication bypass issue exists in Miraculous Elementor, potentially allowing authentication abuse through an alternate path or channel. Recommendations: Update Miraculous Elementor ...
The El Paso No-Fly Debacle Is Just the Beginning of a Drone Defense Mess
Fears over a drug cartel drone over Texas sparked a recent airspace shutdown in El Paso and New Mexico, highlighting just how tricky it can be to deploy anti-drone weapons near cities...