2459699 matches found

OSSF Malicious Packages
added 2 days ago, 4 views

Malicious code in ts-einkle-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f565a21645ed6a288a820dea60e648589a5cca95a91b2c90720f3d2bcadca73b Package is published as ts-einkle-slot but its tarball contents source, README, LICENCE, package.json author/repository/description are copied verbat...

5.8 AI score
Exploits: 0, References: 5

OSV
added 2 days ago, 4 views

MAL-2026-6525 Malicious code in ts-einkle-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f565a21645ed6a288a820dea60e648589a5cca95a91b2c90720f3d2bcadca73b Package is published as ts-einkle-slot but its tarball contents source, README, LICENCE, package.json author/repository/description are copied verbat...

5.8 AI score
Exploits: 0, References: 5

OSSF Malicious Packages
added 2 days ago, 5 views

Malicious code in @epsteinlovekids483/crossmint-wallets-sdk-pentest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e43e5a418541bb3e485010eba536ecc9f1483dba866af53ff4a760684409213 Package's main entry dist/index.cjs unconditionally requires dist/shai-hulud.js at module load. On require, the code harvests installer secrets —...

5.9 AI score
Exploits: 0, References: 8

OSV
added 2 days ago, 6 views

MAL-2026-6522 Malicious code in @epsteinlovekids483/crossmint-wallets-sdk-pentest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e43e5a418541bb3e485010eba536ecc9f1483dba866af53ff4a760684409213 Package's main entry dist/index.cjs unconditionally requires dist/shai-hulud.js at module load. On require, the code harvests installer secrets —...

5.9 AI score
Exploits: 0, References: 8

SUSE Linux
added 2 days ago, 5 views

Security update for python, python-base, python-doc

This update for python, python-base, python-doc fixes the following issues Security fixes: CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives bsc1257599. CVE-2026-3219: pip doesn't reject concatenated ZIP...

9.1 CVSS, 7.4 AI score, 0.00517 EPSS
Exploits: 2, References: 30

OSV
added 2 days ago, 2 views

SUSE-SU-2026:2664-1 Security update for python, python-base, python-doc

This update for python, python-base, python-doc fixes the following issues Security fixes: - CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives bsc1257599. - CVE-2026-3219: pip doesn't reject concatenated ZIP...

9.1 CVSS, 7.4 AI score, 0.00517 EPSS
Exploits: 2, References: 16

Microsoft CVE
added 2 days ago, 5 views

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network...

8.3 CVSS, 5.9 AI score
Exploits: 0

The Hacker News
added 2 days ago, 6 views

Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs

A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer's cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it. Tracked as CVE-2026-12957 (CVSS 8.5), the bug sat in...

8.5 CVSS, 6.2 AI score, 0.00118 EPSS
Exploits: 0

Patchstack
added 2 days ago, 6 views

WordPress TemplateSpare plugin <= 4.2.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin TemplateSpare versions <= 4.2.0...

9.1 CVSS, 5.8 AI score, 0.00278 EPSS
Exploits: 0, Affected Software: 1

EUVD
added 2 days ago, 4 views

EUVD-2026-39659

In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata...

6.7 CVSS, 6.2 AI score, 0.0011 EPSS
Exploits: 0, References: 1

Cvelist
added 2 days ago, 35 views

CVE-2026-53914

In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata...

6.7 CVSS, 0.0011 EPSS
Exploits: 0, References: 1

CVE
added 2 days ago, 5 views

CVE-2026-53914

CVE-2026-53914 affects JetBrains Kotlin prior to 2.4.20, where unsafe deserialization in the build cache metadata allows code execution. The NVD notes a high-severity, network-vector vulnerability with critical impact to confidentiality, integrity, and availability; local context in CVSS from CNA...

9.8 CVSS, 6.2 AI score, 0.0011 EPSS
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2 days ago, 6 views

CVE-2026-53914

In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata...

6.7 CVSS, 6.2 AI score, 0.0011 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2 days ago, 3 views

CVE-2026-53914

In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata...

6.7 CVSS, 6.2 AI score, 0.0011 EPSS
Exploits: 0, References: 2

GithubExploit
added 2 days ago, 49 views

Exploit for Missing Authorization in Plane

CVE-2026-46558 Plane’s V2 asset subsystem trusted workspace sl...

8.3 CVSS, 5.6 AI score, 0.0028 EPSS
Exploits: 3

GithubExploit
added 2 days ago, 48 views

Exploit for CVE-2026-34207

CVE-2026-34207 The SSRF filter checked hostname text, but the...

7.6 CVSS, 5.8 AI score, 0.00239 EPSS
Exploits: 2

Malwarebytes
added 2 days ago, 5 views

Malware steals Chrome session cookies to take over your accounts

An email attachment leads to the installation of a malicious Chrome extension. Researchers say it is part of a Windows backdoor delivered via a phishing email. The malware abuses Chrome Native Messaging to move control from the browser into the host system. Its most notable trick isn't the phishi...

5.9 AI score
Exploits: 0

GithubExploit
added 2 days ago, 46 views

Exploit for Authorization Bypass Through User-Controlled Key in Docmost

CVE-2026-34213 A low-privileged Docmost user could supply a vi...

5.4 CVSS, 5.7 AI score, 0.0017 EPSS
Exploits: 2

GithubExploit
added 2 days ago, 46 views

Exploit for Cross-site Scripting in Docmost

CVE-2026-34212 Docmost accepted a javascript: URL inside an at...

5.4 CVSS, 6.1 AI score, 0.00197 EPSS
Exploits: 3

The Hacker News
added 2 days ago, 6 views

CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data Management (PDM) and Product Lifecycle Management (PLM) software to its Known Exploited Vulnerabiliti...

9.3 CVSS, 6.7 AI score, 0.01106 EPSS
Exploits: 0