GHSA-R48F-3986-4F9C fickling modules linecache, difflib and gc are missing from the unsafe modules blocklist

Our analysis As stated in the project's security policy, we also don't consider UnusedVariables bypasses to be security issues. We added several unsafe modules mentioned by the reporter in advisory comments to the blocklist...

EUVD-2026-12142

SimpleEval: Objects including modules can leak dangerous modules through to direct access inside the sandbox...

SimpleEval: Objects (including modules) can leak dangerous modules through to direct access inside the sandbox

Impact If the objects passed in as names to SimpleEval have modules or other disallowed / dangerous objects available as attrs. Additionally, dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call. Examples found by @ByamB4: Any module where...

GHSA-44VG-5WV2-H2HG SimpleEval: Objects (including modules) can leak dangerous modules through to direct access inside the sandbox

Impact If the objects passed in as names to SimpleEval have modules or other disallowed / dangerous objects available as attrs. Additionally, dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call. Examples found by @ByamB4: Any module where...

Security Bulletin: Security vulnerabilities have been found in IBM Verify Directory (Container)

Summary Security vulnerabilities have been addressed in IBM Verify Directory Container Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A...

Improper File Handling

zx is vulnerable to Improper File Handling. The vulnerability is due to a logic error in the linkNodeModules and cleanup routines when using the --prefer-local option, which allows unintended deletion of an external /nodemodules directory outside the current working directory...

[SECURITY] Fedora 44 Update: dnf5-5.4.0.0-2.fc44

DNF5 is a command-line package manager that automates the process of installi ng, upgrading, configuring, and removing computer programs in a consistent manner. It supports RPM packages, modulemd modules, and comps groups & environments...

Malicious Package

Overview transform-modules-systemjs is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavi...

The Face of Penetration Testing is Changing: Announcing Metasploit Pro 5.0.0

The role and demand for red-teaming capabilities are growing, as more exploitable CVEs make their way into criminal hands. Being proactive is no longer a capability that can be reserved for annual tests, but a continuous assessment to determine exposure and even through the validation of an...

Micro Research MR-GM5L-S1和Micro Research MR-GM5A-L1 安全漏洞

Both Micro Research MR-GM5L-S1 and Micro Research MR-GM5A-L1 are embedded industrial communication module devices produced by the Canadian company Micro Research. Both devices have security vulnerabilities; these vulnerabilities stem from authentication bypass issues, which could allow attackers ...

GO-2026-4607 ZITADEL has 1-Click Account Takeover via XSS in /saml-post Endpoint in github.com/zitadel/zitadel

ZITADEL has 1-Click Account Takeover via XSS in /saml-post Endpoint in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

GO-2026-4604 ZITADEL: Login V2 UI Policy Bypass Allows Unauthorized Self-Registration and Authentication in github.com/zitadel/zitadel

ZITADEL: Login V2 UI Policy Bypass Allows Unauthorized Self-Registration and Authentication in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positiv...

CVE-2026-27687 Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal

Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability...

PT-2026-24163

Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability...

Oracle Linux 8 : python-pyasn1 (ELSA-2026-4146)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-4146 advisory. 0.3.7-6.el810.1 - Resolves: RHEL-148145 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

CVE-2026-28393

OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings.transform.module parameter accepts absolute paths and traversal sequences, enabling attackers with configuration...

CVE-2026-30797

Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, config import modules allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files...

CVE-2026-28456

OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently constrain configured hook module paths before passing them to dynamic import, allowing code execution. An attacker with gateway configuration modification access can load and...

CVE-2026-28456

OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently constrain configured hook module paths before passing them to dynamic import, allowing code execution. An attacker with gateway configuration modification access can load and...

CVE-2026-20044

A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, local attacker to perform arbitrary commands as root. This vulnerability is due to insufficient restrictions on remediation modules while in lockdown mode. An attacker...