CVE-2026-27123
Reason: This candidate was issued in error...
Malicious code in fastapis-requests (PyPI)
Source: kam193 69baeb910fc47c2e92e2a25cb1db7b5148b4773d193f15aecef4d708f69b1f6d. The package clones a legitimate library and contains hidden code that executes remote scripts. During the analysis, the remote code was no longer available...
Exploits and vulnerabilities in Q4 2025
The fourth quarter of 2025 went down as one of the most intense periods on record for high-profile, critical vulnerability disclosures, hitting popular libraries and mainstream applications. Several of these vulnerabilities were picked up by attackers and exploited in the wild almost immediately...
CVE-2026-21786
HCL Sametime for iOS is affected by a sensitive information disclosure. Hostname information is written to application logs and certain URLs...
CVE-2026-29125
IDC SFX2100 Satellite Receivers set the /etc/resolv.conf file to be world-writable by any local user, allowing DNS resolver tampering that can redirect network communications, facilitate man-in-the-middle attacks, and cause denial of service...
CVE-2026-29065 changedetection.io: Zip Slip vulnerability in the backup restore functionality
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. This issue has been patched in version 0.54.4...
CVE-2026-29039
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the include_filters field. These XPath expressions are processed using the elementpath library which...
CVE-2026-28799
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework evsub.c that is triggered during presence unsubscription SUBSCRIBE with Expires=0. This issue has been patched i...
Amazon Linux 2023 : aide (ALAS2023-2026-1462)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1462 advisory. AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or...
Low: aide
Issue Overview: AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute...
PT-2026-23725
Name of the Vulnerable Software and Affected Versions Zarf versions 0.54.0 through 0.73.0 Description Zarf, an Airgap Native Packager Manager for Kubernetes, contains a path traversal flaw in its archive extraction process. A specially designed Zarf package can create symbolic links that point to...
Secure In-Memory Execution with W^X Enforcement Using mprotect
This C program demonstrates how to manage memory page permissions at runtime under the W^X (write XOR execute) principle, so that no region is ever writable and executable at the same time...
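The following is an added example written for this entry; it is not the program the listed page describes and does not reuse its code. It shows the W^X pattern with mmap and mprotect on Linux: a region is mapped read+write, code is copied in, and the mapping is then flipped to read+execute. A gate function (`wx_mprotect`, a name chosen here) refuses any permission request that combines PROT_WRITE with PROT_EXEC, and a self-check exercises that policy without depending on the CPU. The six-byte `ret42` stub (mov eax, 42; ret) is x86-64 only and is compiled out elsewhere.

```c
// Added example (not from the indexed page): a small W^X code loader built on
// mmap/mprotect. The region is writable while code is copied in and executable
// only afterwards; wx_mprotect refuses write+execute together.
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Policy gate: reject PROT_WRITE|PROT_EXEC in one request.
   Returns mprotect's result, or -1 with errno = EPERM on a W^X violation. */
int wx_mprotect(void *addr, size_t len, int prot) {
    if ((prot & PROT_WRITE) && (prot & PROT_EXEC)) {
        errno = EPERM;
        return -1;
    }
    return mprotect(addr, len, prot);
}

/* mprotect works on whole pages, so round the length up to a page multiple. */
static size_t page_round(size_t len) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    return (len + page - 1) & ~(page - 1);
}

/* Map a fresh region RW, copy code into it, then switch it to RX.
   Returns the executable region or NULL on failure. */
void *wx_load_code(const void *code, size_t len) {
    size_t size = page_round(len);
    void *mem = mmap(NULL, size, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return NULL;
    memcpy(mem, code, len);                               /* write phase: W, not X */
    if (wx_mprotect(mem, size, PROT_READ | PROT_EXEC) != 0) {   /* execute phase: X, not W */
        munmap(mem, size);
        return NULL;
    }
    return mem;
}

void wx_free_code(void *mem, size_t len) {
    munmap(mem, page_round(len));
}

/* Architecture-independent self-check of the gate: a request for RWX on a
   fresh mapping must be refused with EPERM, and RX must still be granted.
   Returns 1 when both hold, 0 otherwise. */
int wx_policy_selfcheck(void) {
    size_t size = page_round(1);
    void *mem = mmap(NULL, size, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return 0;
    int refused = (wx_mprotect(mem, size, PROT_READ | PROT_WRITE | PROT_EXEC) == -1
                   && errno == EPERM);
    int rx_ok = (wx_mprotect(mem, size, PROT_READ | PROT_EXEC) == 0);
    munmap(mem, size);
    return refused && rx_ok;
}

#if defined(__x86_64__)
/* x86-64 machine code for: mov eax, 42 ; ret */
static const unsigned char ret42[] = {0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3};

/* Load ret42 through the W^X path and call it. Returns 42, or -1 on failure. */
int wx_run_demo(void) {
    void *mem = wx_load_code(ret42, sizeof ret42);
    if (!mem) return -1;
    int (*fn)(void) = (int (*)(void))mem;
    int r = fn();
    wx_free_code(mem, sizeof ret42);
    return r;
}
#else
/* The stub is x86-64 machine code; on other architectures the demo is skipped. */
int wx_run_demo(void) { return -1; }
#endif

int main(void) {
    printf("W^X policy self-check: %s\n", wx_policy_selfcheck() ? "ok" : "FAILED");
    printf("demo code returned %d\n", wx_run_demo());
    return 0;
}
```

The key property is that the transition goes RW -> RX and never RWX; a hardened build can also make the reverse transition (RX -> RW) fail once a region has been executed, and a kernel with SELinux `execmem` denial or PaX/MPROTECT will refuse the second mprotect outright, which is why `wx_load_code` treats that call's failure as fatal rather than falling back to a writable mapping.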
RockyLinux 9 : nginx:1.24 (RLSA-2026:3638)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:3638 advisory. nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 Tenable has extracted the preceding description block directly...
Amazon Linux 2023 : python3-pillow, python3-pillow-devel, python3-pillow-tk (ALAS2023-2026-1452)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1452 advisory. Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1. CVE-2026-2599...
Here’s Every Country Directly Impacted by the War on Iran
As the conflict in the Middle East continues to escalate, more than a dozen countries in the region have reportedly been affected by air strikes...
CVE-2026-28485
OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...
EUVD-2026-9930
OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...
PYSEC-2026-99
NLTK versions <= 3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...
UBUNTU-CVE-2026-0848
NLTK versions <= 3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...
CVE-2026-28443
OpenReplay (self-hosted session replay) has a SQL injection in the POST /{projectId}/cards/search endpoint, specifically in the sort.field parameter, that affects versions prior to 1.20.0. The issue has been patched in version 1.20.0. Practical impact is high (as indicated by the CVSS data in the...