21 matches found
CVE-2026-46390
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenticated browsing of git repositories and git history. Version 26.0.0 patches the issue...
CVE-2026-46390
HAX CMS (PHP/Node.js backends) is affected by an unauthenticated access issue in the gitlist plugin. From version 2.0.0 up to, but not including, 26.0.0, the gitlist plugin is exposed to unauthenticated users, enabling browsing of git repositories and git history without authentication. Version 2...
EUVD-2026-34881
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenticated browsing of git repositories and git history. Version 26.0.0 patches the issue...
Malicious code in @shwfed/nuxt (npm)
Source: amazon-inspector 87ac343d6f89a601749bb115fa6902e7d39c71a0a6469690ecef56e9ea8a135e @shwfed/nuxt is published as a Nuxt UI module but contains undocumented build-hook code that, when a consumer integrates the module and runs a build...
MAL-2026-4444 Malicious code in @shwfed/nuxt (npm)
Source: amazon-inspector 87ac343d6f89a601749bb115fa6902e7d39c71a0a6469690ecef56e9ea8a135e @shwfed/nuxt is published as a Nuxt UI module but contains undocumented build-hook code that, when a consumer integrates the module and runs a build...
kernel security update
6.12.0-124.55.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...
Malicious code in period-newline (npm)
Malicious npm package published by threat actor "ryanmccollum1" impersonating a benign text-formatting utility. Part of the same supply chain attack campaign as redeem-onchain-sdk, which collects SSH keys, AWS credentials, .npmrc tokens, Docker auth, Chrome saved logins, .env files, and git...
Malicious code in nicegui (npm)
Malicious npm package published by threat actor "ryanmccollum1" typosquatting the popular Python NiceGUI framework. Part of the same supply chain attack campaign as redeem-onchain-sdk, which collects SSH keys, AWS credentials, .npmrc tokens, Docker auth, Chrome saved logins, .env files, and git...
MAL-2026-3180 Malicious code in nicegui (npm)
Malicious npm package published by threat actor "ryanmccollum1" typosquatting the popular Python NiceGUI framework. Part of the same supply chain attack campaign as redeem-onchain-sdk, which collects SSH keys, AWS credentials, .npmrc tokens, Docker auth, Chrome saved logins, .env files, and git...
kernel security update
6.12.0-124.49.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...
kernel security update
6.12.0-124.47.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...
Malicious Package
Overview tailwind-mainanimation is a malicious package. Upon installation, it silently injects obfuscated JavaScript into the end of legitimate project configuration files like tailwind.config.js. To evade detection, the malware rewrites git history, forging timestamps so the malicious commit...
kernel security update
6.12.0-124.31.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...
kernel security update
6.12.0-124.29.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...
kernel security update
6.12.0-124.28.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...
EUVD-2025-21004
Malicious code in bioql PyPI...
CVE-2024-36119
CVE-2024-36119 affects Statamic CMS (versions 5.3.0–5.6.1) where password_confirmation data is stored in plain text in user YAML files for users registered during the affected window when using the user:register_form tag with file-based accounts. The issue’s root cause is insecure handling of pas...
in cythron/tweango
✍️ Description The Django secret key was hard-coded in the GitHub repository which is vulnerable as https://huntr.dev/bounties/1-other-cythron/Tweango/ accordingly. Since the GitHub public API monitors every single git commit that is made, an attacker can still find the key from commit lists. = It is...
Horusec - An Open Source Tool That Improves Identification Of Vulnerabilities In Your Project With Just One Command
Horusec is an open source tool that performs static code analysis to identify security flaws during the development process. Currently, the languages for analysis are: C#, Java, Kotlin, Python, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart. The tool has...