ALSA-2026:21757 Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...

RHEL 9 : cockpit (RHSA-2026:21395)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21395 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...

MAL-2026-4835 Malicious code in rogiant-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0c659d6e1e7b9bbbbb7b808196db4231a5eb1a62fe91827fc02fd708b92728b5 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

poc-ccweb-unauth-rce

CVE — pqhaz3925/ccweb Unauthenticated RCE via Claude Code Cont...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the check field in metadata files due to unsafe execution using /bin/bash -c. An attacker can craft malicious metadata that executes arbitrary shell commands on the victim’s system when common uniget operations suc...

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

Important: Red Hat Security Advisory: cockpit security update

An update for cockpit is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

Important: Red Hat Security Advisory: cockpit security update

An update for cockpit is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

GHSA-G3VG-VX23-3858 compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cache Path Traversal

Summary The compliance-trestle library's remote fetching cache mechanism HTTPSFetcher and SFTPFetcher constructs the local cache file path from the URL path component without sanitizing path traversal sequences ../. When a remote OSCAL profile references a URL with traversal in its path, the HTTP...

Exploit for Improper Input Validation in Hoverfly

CVE-2025-54123 — Hoverfly Middleware API Remote Code Execution...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the dynamic evaluation of user-supplied algorithm code in the script evaluation engine. An attacker can execute arbitrary operating system commands by injecting malicious Jython code through the REST API whe...

Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection

Summary A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython via the JSR-223 ScriptEngine API without enforcing a secure sandbox. An authenticat...

GHSA-2G95-6X5Q-XJWJ Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection

Summary A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython via the JSR-223 ScriptEngine API without enforcing a secure sandbox. An authenticat...

CVE-2026-45972

A flaw was found in the Linux kernel's Server Message Block SMB client. This vulnerability, within the smb2openfile function, could allow an attacker to cause memory corruption due to improper handling of memory during file open operations. This could lead to system instability or potentially...

GHSA-VMWP-VH32-RJ75 Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override

Remote Code Execution via Mission Database algorithm override Summary The Nashorn ScriptEngine used to evaluate user-supplied algorithm text in MdbOverrideApi.updateAlgorithm is constructed without a ClassFilter, allowing a user with the ChangeMissionDatabase privilege to execute arbitrary Java...

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the updateAlgorithm process. An attacker can execute arbitrary code on the server by supplying crafted JavaScript payloads that are evaluated without...

Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override

Remote Code Execution via Mission Database algorithm override Summary The Nashorn ScriptEngine used to evaluate user-supplied algorithm text in MdbOverrideApi.updateAlgorithm is constructed without a ClassFilter, allowing a user with the ChangeMissionDatabase privilege to execute arbitrary Java...

Security Bulletin: IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator (CVE-2026-7770)

Summary IBM i Access Client Solutions ACS is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator CVE-2026-7770. Vulnerability Details CVEID:CVE-2026-7770 DESCRIPTION: IBM i Access Client Solutions ACS is vulnerable to remote code execution when configur...

Important: Red Hat Security Advisory: cockpit security update

An update for cockpit is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...