Security Bulletin: Vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat. Vulnerabilities include an authorization bypass, providing the power necessary to let users build semantic templates, allowing arbitrary code to be...
Security Bulletin: Vulnerabilities in Spring Security, Apache Tomcat, Netty, Lodash, Spring Framework and Node.js might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Security, Apache Tomcat, Netty, Lodash, Spring Framework and Node.js. Vulnerabilities include the authentication, authorization, and other security controls being rendered inactive on intended requests,...
Security Bulletin: Vulnerabilities in Moment-Timezone and Node.js might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Moment-Timezone and Node.js. Vulnerabilities include an attacker could exploit this vulnerability to execute arbitrary commands on the system and an attacker could exploit this vulnerability to launch a...
Malicious code in xrblocks-remote-control (npm)
Source: amazon-inspector 6e20199ccf4c5557bf9d6bd0f17f0f74b47aa54389f22247523fb9145ef29def Package xrblocks-remote-control ships a bin script that, when invoked including via npx or unintended resolution against the xrblocks name, POSTs the...
MAL-2026-6530 Malicious code in xrblocks-remote-control (npm)
Source: amazon-inspector 6e20199ccf4c5557bf9d6bd0f17f0f74b47aa54389f22247523fb9145ef29def Package xrblocks-remote-control ships a bin script that, when invoked including via npx or unintended resolution against the xrblocks name, POSTs the...
Security Bulletin: Vulnerabilities in lodash, cryptography and axios might affect IBM Storage Defender Sentinel Anomaly Scan Engine.
Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by lodash, cryptography and axios. Vulnerabilities include allowing an attacker to perform prototype pollution, create buffer overflows, improper validation of certificates and connect to internal services. More details are...
CVE-2026-33646
mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not...
CVE-2026-33646
CVE-2026-33646 affects Mise: prior to 2026.3.10, it processed .tool-versions with Tera where exec() is registered, allowing arbitrary code execution when a malicious .tool-versions file is parsed during shell CD hooks. Unlike .mise.toml, .tool-versions is not trusted in non-paranoid mode, so an atta...
EUVD-2026-39816
mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not...
CVE-2026-33646 mise: Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)
mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not...
CVE-2026-55441 mise: Arbitrary command execution via task-include files in an untrusted, config-less repository
mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files mise.toml, .tool-versions through trustcheck, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir mise-tasks/,...
CVE-2026-55441
mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files mise.toml, .tool-versions through trustcheck, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir mise-tasks/,...
CVE-2026-55441
CVE-2026-55441 affects the Mise toolchain. The root cause is that, prior to 2026.6.4, task-include files loaded from directories without config files bypass trust checks and render task fields with a Terraform-like template engine that registers an exec() function. If a directory contains a task-...
EUVD-2026-39815
mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files mise.toml, .tool-versions through trustcheck, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir mise-tasks/,...
CVE-2026-55441 mise: Arbitrary command execution via task-include files in an untrusted, config-less repository
mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files mise.toml, .tool-versions through trustcheck, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir mise-tasks/,...
PYSEC-2026-236 Malicious code in pyphetools (PyPI)
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of pyphetools were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload via the Bun runtime on import that harvests and exfiltrates credentials and...
Malicious code in pyphetools (PyPI)
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of pyphetools were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload via the Bun runtime on import that harvests and exfiltrates credentials and...
CVE-2026-55448
mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credentialcommand from local project config before any trust decision, then executes that value with sh -c when resolving a GitHub token. An attacker who can place a .mise.toml in a...
CVE-2026-55448
CVE-2026-55448 is confirmed across multiple sources as a local command-execution vulnerability in the mise tool. An attacker who can place a repository-local .mise.toml can have mise load github.credential_command from local project config and execute its value via sh -c when resolving a GitHub t...
EUVD-2026-39813
mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credentialcommand from local project config before any trust decision, then executes that value with sh -c when resolving a GitHub token. An attacker who can place a .mise.toml in a...