Lucene search

589354 matches found

OSSF Malicious Packages
added 2026/06/01 12:0 a.m. | 9 views

Malicious code in @redhat-cloud-services/notifications-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

5.9 AI score
Exploits 0 | References 1
Positive Technologies
added 2026/06/01 12:0 a.m. | 8 views

PT-2026-45977

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserialize_reference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler —...

7.3 CVSS | 6 AI score
Exploits 0 | References 4
CNNVD
added 2026/06/01 12:0 a.m. | 7 views

CowAgent operating system command injection vulnerability

CowAgent is an intelligent assistant and scalable agent framework developed by the individual developer zhayujie. CowAgent versions 2.0.8 and earlier have an operating system command injection vulnerability. This vulnerability stems from the getsafetywarning function in the...

7.5 CVSS | 7.7 AI score | 0.01336 EPSS
Exploits 0 | References 8
CNNVD
added 2026/06/01 12:0 a.m. | 6 views

ArmCode Arm Whois security vulnerability

ArmCode Arm Whois is a web information query tool developed by ArmCode Corporation. Version 3.11 of ArmCode Arm Whois contains a security vulnerability. This vulnerability stems from a buffer overflow, which may allow local attackers to execute arbitrary code by overwriting structured exception...

8.6 CVSS | 6.2 AI score | 0.00162 EPSS
Exploits 0 | References 4
Positive Technologies
added 2026/06/01 12:0 a.m. | 12 views

PT-2026-45541

IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator...

8.8 CVSS | 6.4 AI score | 0.00439 EPSS
Exploits 0 | References 2
CNNVD
added 2026/06/01 12:0 a.m. | 8 views

Apache Airflow security vulnerability

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 3.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the use of...

8.8 CVSS | 5.5 AI score | 0.00488 EPSS
Exploits 0 | References 3
Packet Storm
added 2026/06/01 12:0 a.m. | 54 views

Notepad++ 8.9.6 Arbitrary Code Execution

Notepad++ versions 8.9.6 and below proof of concept arbitrary code execution exploit. Exploit Title: Notepad++ 8.9.6 - Arbitrary Code Execution Date: 2026-05-30 Exploit Author: Kavin Jindal Avyukt Security https://www.linkedin.com/in/kavin-jindal/ Vendor Homepage: https://notepad-plus-plus.org...

6.3 AI score | 0.0002 EPSS
Exploits 4
CNNVD
added 2026/06/01 12:0 a.m. | 7 views

IBM i Access injection vulnerability

IBM i Access is a set of IBM i platform client software developed by the American multinational company International Business Machines (IBM). Versions 1.1.5.0 to 1.1.9.12 of IBM i Access, along with IBM i Access Client Solutions, have injection vulnerabilities. These vulnerabilities arise when the...

8.8 CVSS | 5.9 AI score | 0.00439 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/06/01 12:0 a.m. | 14 views

PT-2026-45578

Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified). Description: A heap buffer overflow exists in multiple functions within sdp_discovery.cc. This flaw allows for remote code execution in proximal or adjacent network environments without requiring addition...

8 CVSS | 6.5 AI score | 0.00114 EPSS
Exploits 0 | References 6
CNNVD
added 2026/06/01 12:0 a.m. | 8 views

Apache Airflow security vulnerability

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 3.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the XCom PATCH...

8.8 CVSS | 6.3 AI score | 0.0055 EPSS
Exploits 0 | References 4
CNNVD
added 2026/06/01 12:0 a.m. | 8 views

AnomalyMatch security vulnerability

AnomalyMatch is a semi-supervised image anomaly detection tool open-sourced by the European Space Agency. Versions of AnomalyMatch prior to 1.3.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of torch.load to load model files without proper deserialization...

7.8 CVSS | 6 AI score | 0.00144 EPSS
Exploits 0 | References 3
CNNVD
added 2026/06/01 12:0 a.m. | 13 views

Mozilla Firefox security vulnerability

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 151.2 contained security vulnerabilities. These vulnerabilities stemmed from Reader View incorrectly escaping HTML tags in JSON-LD metadata. This could allo...

5.4 CVSS | 5.7 AI score | 0.00157 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/06/01 12:0 a.m. | 16 views

PT-2026-45566

In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9 AI score | 0.00072 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/06/01 12:0 a.m. | 15 views

PT-2026-45623

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through...

8.6 CVSS | 6.7 AI score | 0.00162 EPSS
Exploits 0 | References 5
Vulnrichment
added 2026/06/01 12:0 a.m. | 9 views

CVE-2026-38950

An issue in ESA AnomalyMatch before 1.3.1 allows attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load with unrestricted deserialization...

6.2 AI score | 0.00144 EPSS
Exploits 0 | References 3
CNNVD
added 2026/06/01 12:0 a.m. | 7 views

Google Android security vulnerability

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from overly privileged shell users located in multiple locations. These vulnerabilities may allow for code execution within the startup proce...

7.8 CVSS | 5.9 AI score | 0.00067 EPSS
Exploits 0 | References 1
CVE
added 2026/06/01 12:0 a.m. | 14 views

CVE-2026-38950

CVE-2026-38950 affects ESA AnomalyMatch prior to 1.3.1. The issue arises from loading model files from session directories with torch.load(), enabling unrestricted deserialization and arbitrary code execution. Affected component: model checkpoint loading in AnomalyMatch. Impact: potential full co...

7.8 CVSS | 6.2 AI score | 0.00144 EPSS
Exploits 0 | References 3
CNNVD
added 2026/06/01 12:0 a.m. | 11 views

Student-Management-System security vulnerability

Student-Management-System is an open-source student information management system developed by Cyber-III. There is a security vulnerability in Student-Management-System, which stems from incorrect operations with the parameter uid in the admin/ file within the Admin Endpoint component. This...

7.5 CVSS | 6.6 AI score | 0.00299 EPSS
Exploits 0 | References 5
CNNVD
added 2026/06/01 12:0 a.m. | 7 views

Tychon security vulnerability

Tychon is a terminal security analysis and management platform developed by the American company Tychon. There is a security vulnerability in Tychon, which stems from the OPENSSLDIR variable in the OpenSSL component potentially being controlled by non-privileged users. This vulnerability could...

7.4 CVSS | 5.9 AI score | 0.00254 EPSS
Exploits 0 | References 2
OSV
added 2026/06/01 12:0 a.m. | 4 views

PUB-A-480123693

In multiple functions of VideoRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8 CVSS | 6.5 AI score | 0.00277 EPSS
Exploits 0 | References 1