Malicious code in dtxto1ols (npm)
Source: amazon-inspector 926fc822a2a507fafa6d2e1bb02a9b2bada7d89d3042bd3f0cac0ba2fd7c1991. package.json declares a postinstall script that runs automatically on npm install. The script performs filesystem reconnaissance find / -type f...
vuln-scanner-agent
vuln-scanner-agent A multi-agent vulnerability scanner for Gi...
Malicious code in dtxtools (npm)
Source: amazon-inspector de085e4b6d38025a5a0b959b19b1022deaa7525b427e66679b58b6892328297a. package.json declares a postinstall lifecycle script that auto-executes on npm install. The hook performs a recursive filesystem search for database...
MAL-2026-6514 Malicious code in dtxtools (npm)
Source: amazon-inspector de085e4b6d38025a5a0b959b19b1022deaa7525b427e66679b58b6892328297a. package.json declares a postinstall lifecycle script that auto-executes on npm install. The hook performs a recursive filesystem search for database...
Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Semeru Runtime Environment (CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-22008, CVE-2026-34268, CVE-2026-22007, CVE-2026-6918)
Summary: Multiple issues were identified with the IBM Semeru Runtime Environment, which is shipped with IBM MQ. Vulnerability Details: CVEID: CVE-2026-34282. DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...
WordPress Blocksy Companion Pro plugin <= 2.1.45 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by daroo in WordPress Plugin Blocksy Companion Pro versions <= 2.1.45...
curl: mbedTLS / wolfSSL / rustls backends silently skip hostname verification when CURLOPT_SSL_VERIFYPEER=0
Summary: When an application sets CURLOPT_SSL_VERIFYPEER=0 while keeping CURLOPT_SSL_VERIFYHOST=2 (the default), the mbedTLS, wolfSSL, and rustls TLS backends silently skip the hostname-vs-certificate check. The OpenSSL, GnuTLS, and Schannel backends correctly preserve hostname checking under the same...
Security update for aws-iam-authenticator
This update for aws-iam-authenticator fixes the following issues: CVE-2022-1996: CORS bypass bsc1200528. CVE-2022-2385: aws-iam-authenticator AccessKeyID validation bypass bsc1201395. CVE-2024-39689: remove root certificates from GLOBALTRUST from the root store. CVE-2025-47910: net/http:...
SUSE-SU-2026:2643-1 Security update for aws-iam-authenticator
This update for aws-iam-authenticator fixes the following issues: - CVE-2022-1996: CORS bypass bsc1200528. - CVE-2022-2385: aws-iam-authenticator AccessKeyID validation bypass bsc1201395. - CVE-2024-39689: remove root certificates from GLOBALTRUST from the root store. - CVE-2025-47910: net/http:...
CVE-2026-57881
An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending craft...
CVE-2026-57878
An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this...
CVE-2026-57879
An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing RTSP custom authentication data. A remote attacker may exploit this vulnerability by...
CVE-2026-57880
An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing RTSP Digest authentication fields. A remote attacker may exploit this vulnerability by...
CVE-2026-57872
An unauthenticated directory traversal vulnerability exists in getfcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attack...
CVE-2026-2053
The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated...
CVE-2026-22879
A flaw was found in vtk-dicom. A heap-based buffer overflow vulnerability exists in the vtkDICOMItem::NewDataElement function. A remote attacker could exploit this vulnerability without requiring user interaction or elevated privileges. Successful exploitation could lead to arbitrary code...
CVE-2026-41523
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). An unauthenticated attacker can exploit an assert-based security check during activation function loading. By publishing a malicious HuggingFace model, an attacker can achieve arbitrary code execution on the...
Security update for apache-commons-configuration2, apache-commons-text
This update for apache-commons-configuration2, apache-commons-text fixes the following issues: CVE-2026-45205: uncontrolled recursion leads to StackOverflowError when processing specially crafted configuration files bsc1265299. Changes for apache-commons-configuration2: Upgrade to version 2.15.0:...
SUSE-SU-2026:2642-1 Security update for apache-commons-configuration2, apache-commons-text
This update for apache-commons-configuration2, apache-commons-text fixes the following issues: - CVE-2026-45205: uncontrolled recursion leads to StackOverflowError when processing specially crafted configuration files bsc1265299. Changes for apache-commons-configuration2: - Upgrade to version...
CVE-2026-2053
The CVE-2026-2053 entry concerns the WSO2 API Manager: the message flow component mishandles WS-Addressing headers by not adequately validating user-controlled input, allowing an attacker to manipulate headers to set arbitrary destinations for server-initiated requests. This results in unauthenti...