com.flowlogix:flowlogix-datamodel (>=4.0.1 <=4.0.9), com.flowlogix:flowlogix-jee (>=4.0.1 <=4.0.9) +25 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=3.1 <=3.14.12)

org.omnifaces:omnifaces MAVEN version =3.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =1.1.0, =1.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.4 and more Source cves: CVE-2026-41883 Source advisory: SNYK:JAVA-ORGOMNIFACES-16638690...

CVE-2026-5088

Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727.

Summary IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-27727 DESCRIPTION:...

[SECURITY] Fedora 43 Update: python3.15-3.15.0~a8-1.fc43

Python 3.15 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.15 package provides the "python3.15" executable:...

ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), au.org.consumerdatastandards:client-cli (>=1.1.1 <=2.4.1) +1473 more potentially affected by CVE-2026-40478 via org.thymeleaf:thymeleaf-spring5 (>=3.0.10.RELEASE <=3.1.3.RELEASE)

org.thymeleaf:thymeleaf-spring5 MAVEN version =3.0.10.RELEASE, =0.5.0, =1.1.1, =3.4.0, =5.6.5, =4.1.0, =4.1.0, =3.7.0, =3.7.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =3.7.0, =5.5.7 and more Source cves: CVE-2026-40478 Source advisory: SNYK:JAVA-ORGTHYMELEAF-16078378...

ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), au.com.cybernostics:theme-tree (=0.9.0) +2936 more potentially affected by CVE-2026-40478 via org.thymeleaf:thymeleaf (>=3.0.0.ALPHA01 <=3.1.3.RELEASE)

org.thymeleaf:thymeleaf MAVEN version =3.0.0.ALPHA01, =0.5.0, =0.9.6, =0.9.6, =1.0.0, =0.0.1, =1.0.0, =1.0, =3.4.0, =5.6.5, =4.1.0, =4.1.0, =3.6.0, =5.0.0, =5.5.7 and more Source cves: CVE-2026-40478 Source advisory: SNYK:JAVA-ORGTHYMELEAF-16078379...

ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), au.com.cybernostics:theme-tree (=0.9.0) +2936 more potentially affected by CVE-2026-40477 via org.thymeleaf:thymeleaf (>=3.0.0.ALPHA01 <=3.1.3.RELEASE)

org.thymeleaf:thymeleaf MAVEN version =3.0.0.ALPHA01, =0.5.0, =0.9.6, =0.9.6, =1.0.0, =0.0.1, =1.0.0, =1.0, =3.4.0, =5.6.5, =4.1.0, =4.1.0, =3.6.0, =5.0.0, =5.5.7 and more Source cves: CVE-2026-40477 Source advisory: SNYK:JAVA-ORGTHYMELEAF-16078372...

dev.dsf:dsf-bpe-process-api-v1 (>=1.0.0 <=1.9.0), dev.dsf:dsf-bpe-server (>=1.0.0 <=1.9.0) +10 more potentially affected by CVE-2026-40939 via dev.dsf:dsf-common-auth (>=1.0.0-M1 <=1.9.0)

dev.dsf:dsf-common-auth MAVEN version =1.0.0-M1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0-RC1 Source cves: CVE-2026-40939 Source advisory: SNYK:JAVA-DEVDSF-16540566...

app.cash.trifle:common (>=0.2.9 <=0.2.10), app.cash.trifle:jvm (>=0.1.0 <=0.2.10) +1008 more potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-jdk15to18 (>=1.63 <=1.83)

org.bouncycastle:bcpkix-jdk15to18 MAVEN version =1.63, =0.2.9, =0.1.0, =0.2.1, =0.2.0, =1.0.0, =1.0.1, =0.2.0, =0.2.0, =3.5.0.0, =2.6.4, =2.6.4, =2.6.4, =2.6.4, =2.6.4, =0.1.1, =0.1.4.2 and more Source cves: CVE-2026-5588 Source advisory: OSV:GHSA-WG6Q-6289-32HP...

io.github.jinahya:jinahya-bcprov (=0.0.1), org.apache.camel.karaf:camel-as2 (>=4.7.0 <=4.10.7) +14 more potentially affected by CVE-2025-14813 via org.bouncycastle:bcprov-debug-jdk18on (>=1.71 <=1.83)

org.bouncycastle:bcprov-debug-jdk18on MAVEN version =1.71, =4.7.0, =4.7.0, =3.0.0-M1, =3.0.0-M1, =3.2.0, =3.18.0, =3.18.0, =3.18.0, =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.83 and more Source cves: CVE-2025-14813 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075263...

com.github.bjlhx15:common-pdf (=0.0.4), com.github.rjolly:flying-saucer (>=9.1.20 <=9.1.25) +81 more potentially affected by CVE-2025-14813 via org.bouncycastle:bcprov-jdk14 (>=1.59 <=1.83)

org.bouncycastle:bcprov-jdk14 MAVEN version =1.59, =9.1.20, =0.1.1, =2.2, =2.0.1, =7.0, =1.5, =12.3, =1.2.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.2.6 and more Source cves: CVE-2025-14813 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075264...

cn.hyperchain.javasdk:hyperchainsdk (>=4.2.1 <=4.2.3), com.github.WHUTzju:blockchainsdk (=4.1.3) +79 more potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-jdk14 (>=1.50 <=1.83)

org.bouncycastle:bcpkix-jdk14 MAVEN version =1.50, =4.2.1, =9.1.20, =2.0, =2.0, =2.0, =0.1.1, =1.0.1.0.20180504134220, =2.2, =2.0.1, =7.0, =1.5, =12.3, =1.2.0, =1.2.6 and more Source cves: CVE-2026-5588 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075258...

Malicious code in 7miners (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7501eb0620c75479fa4614362aaa6c5766c8cc2f3b4d8829db6a44ca086cc374 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

BELL-CVE-2026-23459 CVE-2026-23459 does not affect BellSoft software

Bulletin has no description...

[SECURITY] Fedora 44 Update: efl-1.28.1-6.fc44

EFL is a collection of libraries for handling many common tasks a developer may have such as data structures, communication, rendering, widgets and more...

Malicious code in hiveos-setting (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 36035629c3bde2cc0e1f5c5531cac6c4ece9ff587cc3c85a5e39bcafbded06d9 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

perl-XML-Parser security update

2.44-12.0.1 - Add perlLWP, perlURI, perlURI::file Requires 2.44-12 - Fix CVE-2006-10002, CVE-2006-10003...

Low: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: sqlite: lemon-3.52.0-1.1.hum1 aarch64, x8664 sqlite-3.52.0-1.1.hum1 aarch64, x8664 sqlite-analyzer-3.52.0-1.1.hum1 aarch64, x8664 sqlite-debug-3.52.0-1.1.hum1 aarch64, x8664...

bg.codexio.ai:openai-api-examples (>=0.8.0.BETA <=0.9.0.BETA-JDK17), ch.cern:cerndb-sw-zkpolicy (=1.0.1-21) +307 more potentially affected by CVE-2026-34479 via org.apache.logging.log4j:log4j-core (>=3.0.0-alpha1 <=3.0.0-beta3)

org.apache.logging.log4j:log4j-core MAVEN version =3.0.0-alpha1, =0.8.0.BETA, =1.0.0, =0.0.2, =00.00.03, =1.0.6, =1.0.7, =1.0.0, =2.0.21, =1.0, =1.0.2 and more Source cves: CVE-2026-34479 Source advisory: SNYK:JAVA-ORGAPACHELOGGINGLOG4J-15967804...

africa.shuwari.sbt:sbt-js_2.12_1.0 (>=0.14.1 <=0.16.1), africa.shuwari.sbt:sbt-netbeans_2.12_1.0 (>=0.1.0 <=0.1.1) +19209 more potentially affected by CVE-2026-34477 via org.apache.logging.log4j:log4j-core (>=2.12.0 <=2.25.3)

org.apache.logging.log4j:log4j-core MAVEN version =2.12.0, =0.14.1, =0.1.0, =0.9.6, =0.12.0, =0.9.6, =0.9.6, =0.9.6, =0.9.6, =0.14.1, =0.9.6, =0.14.1, =4.4.0.1, =1.4.6, =1.4.6, =1.4.8 and more Source cves: CVE-2026-34477 Source advisory: SNYK:JAVA-ORGAPACHELOGGINGLOG4J-15967727...