org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-inmemory (=2.0.0-milestone-01), org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-mongodb (=2.0.0-milestone-01) +8 more potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.http (=2.0.0-milestone-01)

org.eclipse.digitaltwin.basyx:basyx.http MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.http and may be impacted: -...

org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-inmemory (=2.0.0-milestone-01), org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-mongodb (=2.0.0-milestone-01) +3 more potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.submodelrepository-core (=2.0.0-milestone-01)

org.eclipse.digitaltwin.basyx:basyx.submodelrepository-core MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.submodelrepository-core and may be impacted: -...

curl: libcurl: Integer truncation in curl_easy_ssls_import() causes TLS sessions to never expire

Summary: curleasysslsimport deserializes a TLS session blob and stores it in the in-memory session cache. In Curlsslsessionunpack lib/vtls/vtlsspack.c:311, the validuntil field is read as uint64t and cast directly to curlofft int64t with no bounds check — so a crafted blob encoding validuntil =...

Malicious code in @f5rest/odata-v4-inmemory (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9179dd00def504544f38e24e0c660bae5223aa9ad2681cc61ab72057e3ee14b The package @f5rest/odata-v4-inmemory was found to contain malicious code...

MAL-2026-1619 Malicious code in @f5rest/odata-v4-inmemory (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9179dd00def504544f38e24e0c660bae5223aa9ad2681cc61ab72057e3ee14b The package @f5rest/odata-v4-inmemory was found to contain malicious code...

Budibase: Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud)

Summary A critical unsafe eval vulnerability in Budibase's view filtering implementation allows any authenticated user including free tier accounts to execute arbitrary JavaScript code on the server. This vulnerability ONLY affects Budibase Cloud SaaS - self-hosted deployments use native CouchDB...

CVE-2026-26030

Summary of CVE-2026-26030 : The issue affects Microsoft’s Semantic Kernel Python SDK, specifically the InMemoryVectorStore filter functionality. Versions prior to 1.39.4 are vulnerable to remote code execution. The vulnerability is mitigated by upgrading to python-1.39.4 or higher; as a workaroun...

EUVD-2021-2000

Malware in sbrugna...

Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years

A major telecommunications company located in Asia was allegedly breached by Chinese state-sponsored hackers who spent over four years inside its systems, according to a new report from incident response firm Sygnia. The cybersecurity company is tracking the activity under the name Weaver Ant ,...

MAL-2024-4063 Malicious code in Be.Vlaanderen.Basisregisters.TicketingService.Storagе.InMеmory (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in Be.Vlaanderen.Basisregisters.TicketingService.Storagе.InMеmory (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in Be.Vlаanderen.Basisregisters.TicketingServicе.Storagе.InMеmory (NuGet)

--- -= Per source details. Do not edit below this line.=-...

GHSA-7322-JRQ4-X5HF File reference keys leads to incorrect hashes on HMAC algorithms

Impact Users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as hashing key - instead of the contents. The HMAC hashing functions take any string as input and, since users...

CVE-2021-41106

JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as...

CVE-2021-41106

The CVE-2021-41106 issue affects the LCobucci JWT library. Before versions 3.4.6, 4.0.4, and 4.1.5, when using HMAC-based algorithms (HS256/384/512) with LocalFileReference as the key, tokens were issued/validated using the file path instead of the file contents. This effectively means the key ma...

CVE-2021-41106 File reference keys leads to incorrect hashes on HMAC algorithms

JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as...

CVE-2021-41106: File reference keys leads to incorrect hashes on HMAC algorithms

Impact Users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as hashing key - instead of the contents. The HMAC hashing functions take any string as input and, since users...

TomatoCart 1.1.8.6.1 Cross Site Scripting

Title: TomatoCart-1.1.8.6.1 InMemory products.php CompareNow XSS Severity: High CVE-ID: To Be Assigned Release Date: 20 September 2014 Author: Kenneth F. Belva Websites: http://silverbackventuresllc.com http://xssWarrior.com http://securitymaverick.com Twitter: @infosecmaverick Contact: Please us...