CVE-2025-27821

Summary: CVE-2025-27821 is an out-of-bounds write vulnerability in the Apache Hadoop HDFS native client, specifically in the URI parser. The issue affects Hadoop 3.2.0 up to, but not including, 3.4.2. Multiple sources (NVD, Red Hat, OSV, GHSA, CVE list, Snyk, and others) describe the same flaw an...

PT-2026-4646

Name of the Vulnerable Software and Affected Versions Apache Hadoop versions affected versions not specified Description An out-of-bounds write flaw exists in the Hadoop HDFS client's URI parser. This issue affects the native client. Recommendations At the moment, there is no information about a...

Filling the Most Common Gaps in Google Workspace Security

Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience. In these environments, the security team is the helpdesk, the compliance expert, and the incide...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37943)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37943 advisory. - In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in...

Qualys Named a Leader and Outperformer in the 2025 GigaOm Radar for CNAPP

We’re proud to share that Qualys has been recognized as a Leader and Outperformer in the 2025 GigaOm Radar Report for Cloud-Native Application Protection Platforms CNAPP. This year’s evaluation underscores an important reality of the CNAPP market: while 18 vendors were evaluated , only a small...

@bagisto-native/core (=1.0.2), @bagisto-native/react (>=1.0.0 <=1.0.1) potentially affected by CVE-2025-66803 via @hotwired/turbo (=8.0.17)

@hotwired/turbo NPM version =8.0.17 is affected by a known vulnerability. The following packages have a transitive dependency on @hotwired/turbo and may be impacted: - @bagisto-native/core =1.0.2 - @bagisto-native/react =1.0.0, =1.0.1 Source cves: CVE-2025-66803 Source advisory:...

IBM Concert 安全漏洞

IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

Malicious code in react-native-webview-forked (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48574c96ad66df5527d36dccb8f8c425b244bb90c2ac49491618968865ccd7da The package react-native-webview-forked was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview react-native-webview-forked is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

EUVD-2026-3258

Malicious code in react-native-webview-forked npm...

MAL-2026-348 Malicious code in react-native-webview-forked (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48574c96ad66df5527d36dccb8f8c425b244bb90c2ac49491618968865ccd7da The package react-native-webview-forked was found to contain malicious code. Source: ghsa-malware...

CVE-2026-22865

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...

CVE-2026-22816

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...

CVE-2026-22865

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...

CVE-2026-22865

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...

CVE-2026-22816

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...

CVE-2026-22816

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...

CVE-2026-22816

CVE-2026-22816 (Gradle) : Multiple sources describe a vulnerability in Gradle before 9.3.0 where non-fatal exceptions during dependency resolution would allow Gradle to continue to the next repository, and an unresolvable host name could let an attacker register a service under the build’s host n...

CVE-2026-22816

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...

Exploit for CVE-2025-11953

CVE-2025-11953 - React Native CLI RCE Research Environment !...