MAL-2026-5006 Malicious code in @fb-deposit/form-deposit (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: unbound: python3-unbound-1.25.1-1.hum1 aarch64, x8664 unbound-1.25.1-1.hum1 aarch64, x8664 unbound-anchor-1.25.1-1.hum1 aarch64, x8664 unbound-devel-1.25.1-1.hum1 aarch64, x8664...

MiracleLinux 9 : openexr-3.1.1-3.el9_7.2 (AXSA:2026-604:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-604:03 advisory. OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file CVE-2026-34588 Tenable has extracted the preceding description bloc...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: openssl: openssl-3.5.6-0.3.hum1 aarch64, x8664 openssl-config-fips-3.5.6-0.3.hum1 aarch64, x8664 openssl-devel-3.5.6-0.3.hum1 aarch64, x8664 openssl-devel-engine-3.5.6-0.3.hum1 aarch64, x8664...

MiracleLinux 8 : OpenEXR-2.2.0-12.el8_10.1 (AXSA:2026-542:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-542:02 advisory. openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing CVE-2026-27622 Tenable has extracted the preceding description block...

[SECURITY] Fedora 42 Update: python3.14-3.14.4-2.fc42

Python 3.14 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.14 package provides the "python3.14" executable:...

MiracleLinux 9 : openexr-3.1.1-3.el9_7.1 (AXSA:2026-479:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-479:01 advisory. openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing CVE-2026-27622 Tenable has extracted the preceding description block...

AlmaLinux 9 : openexr (ALSA-2026:8888)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:8888 advisory. openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing CVE-2026-27622 Tenable has extracted the preceding description block directl...

Oracle Linux 9 : openexr (ELSA-2026-8888)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-8888 advisory. 3.1.1-3.1 - fix CVE-2026-27622 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

Malicious code in @automation-toolchain/f5-cloud-libs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bfc189949f1db0cdc70361f74210d6fe3f92c3e69ddad9491d9c7615465f9c6 The package @automation-toolchain/f5-cloud-libs was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2662 Malicious code in @automation-toolchain/f5-cloud-libs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bfc189949f1db0cdc70361f74210d6fe3f92c3e69ddad9491d9c7615465f9c6 The package @automation-toolchain/f5-cloud-libs was found to contain malicious code. Source: ossf-package-analysis...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: xz: xz-5.8.3-1.1.hum1 aarch64, x8664 xz-devel-5.8.3-1.1.hum1 aarch64, x8664 xz-libs-5.8.3-1.1.hum1 aarch64, x8664 xz-lzma-compat-5.8.3-1.1.hum1 aarch64, x8664 xz-static-5.8.3-1.1.hum1 aarch64,...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: bind: bind-9.18.48-1.1.hum1 aarch64, x8664 bind-chroot-9.18.48-1.1.hum1 aarch64, x8664 bind-devel-9.18.48-1.1.hum1 aarch64, x8664 bind-dnssec-utils-9.18.48-1.1.hum1 aarch64, x8664...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs24: nodejs24-24.14.1-4.hum1 aarch64, x8664 nodejs24-bin-24.14.1-4.hum1 noarch nodejs24-devel-24.14.1-4.hum1 aarch64, x8664 nodejs24-docs-24.14.1-4.hum1 noarch...

Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: mgr-push: Version 5.2.3-0 Disable build for SLES 16 rhnlib: Version 5.2.4-0 Disable build for SLES 16 spacecmd: Version 5.2.6-0 Update translation strings spacewalk-client-tools: Version 5.2.4-0 Disable build for SLES 16 uyuni-common-libs: Version 5.2.3-0...

SUSE CVE-2026-32836

drlibs drflac.h version 0.13.3 and earlier fixed in commits fefced4, 4f5a4cd, and 663239a contain an uncontrolled memory allocation vulnerability in drflacreadanddecodemetadata that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can...

dr_libs 安全漏洞

drlibs is an audio decoding library developed by David Reid as a personal project in C/C++. Versions of drlibs prior to 0.13.3 contain security vulnerabilities. These vulnerabilities stem from the drflacreadanddecodemetadata function, which involves uncontrolled memory allocation. This could allo...

[SECURITY] Fedora 42 Update: python3.10-3.10.20-1.fc42

Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.10 package provides the "python3.10" executable:...

[SECURITY] Fedora 43 Update: python3.12-3.12.13-1.fc43

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...

Fedora 42 : dr_libs (2026-2350c6fd8c)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2350c6fd8c advisory. Backport the fix for CVE-2026-29022 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...