Malicious code in monade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32631bc0128011d7e526d2665460d2e4562c2d50602e38218e2ad3078635726a [email protected] advertises itself as a JavaScript monad/flow utility library cjs/index.js exports flow, of, opt, ka, dev, yet ships a 976KB UPX-packed...

MAL-2026-4723 Malicious code in weavedb-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c25ff456baf684075b65ecf808bbfe36cbf91811fb4b04b70c13a3dd9d8a9403 package.json declares "preinstall": "./tools/setup", where tools/setup is a 976KB stripped Linux x86-64 ELF binary sha256...

IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty 环境问题漏洞

IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty are web server integration plugins developed by IBM. Versions 8.5 and 9.0 of these plugins contain environmental issues, which stem from vulnerabilities that can be exploited by HTTP request payload attacks...

PT-2026-44503

CVE-2026-42347 - Apache HTTP Server Authentication Bypass CVE ID :CVE-2026-42347 Published : May 26, 2026, 3:16 p.m. | 53 minutes ago Description :Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-28496. Reason: This candidate is a duplicate of CVE-2026-28496. Notes:...

IBM HTTP Server 安全漏洞

IBM HTTP Server is an enterprise-level web server software developed by International Business Machines IBM. Versions 8.5 and 9.0 of IBM HTTP Server contain security vulnerabilities; these vulnerabilities stem from the optional module modfastcgi, which may lead to denial-of-service attacks...

GitLab MCP Server 安全漏洞

GitLab MCP Server is an open-source tool developed by yoda.digital that connects AI agents with GitLab repositories. Versions of GitLab MCP Server prior to 0.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication mechanisms at the HTTP transport laye...

Important: containerd

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

Important: cni-plugins

Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...

Important: git-lfs

Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...

Important: runc

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

PT-2026-43176

A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00ACPS.2C0, GS1200-8v3 firmware versions through 1.00ACPT.2C0, GS1200-5HPv3 firmware versions through 1.00ACPU.2C0, GS1200-8HPv3 firmware versions through 1.00ACPV.2C0, and GS1200-10v3 firmware versions through...

IBM HTTP Server 代码注入漏洞

IBM HTTP Server is an enterprise-level web server software developed by International Business Machines IBM. Versions 8.5 and 9.0 of IBM HTTP Server contain code injection vulnerabilities. These vulnerabilities stem from configurations involving TLS mutual authentication, which may lead to remote...

PT-2026-43368

Name of the Vulnerable Software and Affected Versions IBM HTTP Server version 8.5 IBM HTTP Server version 9.0 Description Remote code execution and denial of service are possible in configurations that utilize TLS mutual authentication, also known as client authentication, which is a process wher...

Important: mod_http2

Issue Overview: Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. CVE-2026-23918 Affected Packages: modhttp2 Issue Correction: Run dnf...

Important: nginx

Issue Overview: When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are...

IBM HTTP Server 安全漏洞

IBM HTTP Server is an enterprise-level web server software developed by International Business Machines IBM. Versions 8.5 and 9.0 of IBM HTTP Server contain security vulnerabilities; these vulnerabilities stem from the optional module modmemcache, which may lead to denial-of-service attacks...

Check Point Quantum Security Gateway 安全漏洞

Check Point Quantum Security Gateway is a series of enterprise-level security gateway devices developed by the Israeli company Check Point. There is a security vulnerability in Check Point Quantum Security Gateway, which stems from the improper parsing and validation of HTTP requests by the HTTP...

PT-2026-43620

Name of the Vulnerable Software and Affected Versions radvd versions prior to 2.21 Description The radvdump utility contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, the print ff function copies up to 2032 bytes of...

PT-2026-43324

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod ibm upload...

IBM WebSphere Application Server 8.5.x / 9.x RCE (7274072)

The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7274072 advisory. - IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and...