Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013558)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013558 advisory. In the Linux kernel, the following vulnerability has been resolved: staging: media: tegra-video: fix devicenode use after free At probe time this code path is...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013742)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013742 advisory. In the Linux kernel, the following vulnerability has been resolved: HSI: omapssi: Fix refcount leak in ssiprobe When returning or breaking early from a...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013751)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013751 advisory. In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix unbalanced of node refcount in regulatordevlookup I got the the following...

CVE-2026-40931

Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string starts with the destination directory string but...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that target Kubernetes environments by install a full LLM proxy service on the victim's machine, allowing the attacker to route LLM traffic through the compromised server. Remediation Avoid using kube-node-health...

DEBIAN-CVE-2026-40895

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request follows a cross-domain redirect 301/302/307/308, follow-redirects only strips authorization, proxy-authorization, and cookie header...

CVE-2026-40895

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request follows a cross-domain redirect 301/302/307/308, follow-redirects only strips authorization, proxy-authorization, and cookie header...

UBUNTU-CVE-2026-40895

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request follows a cross-domain redirect 301/302/307/308, follow-redirects only strips authorization, proxy-authorization, and cookie header...

CVE-2026-40931

Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string starts with the destination directory string but...

CVE-2026-40880

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 bu...

EUVD-2026-24472

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request follows a cross-domain redirect 301/302/307/308, follow-redirects only strips authorization, proxy-authorization, and cookie header...

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules.

Summary IBM App Connect Enterprise runtime, IBM App Connect Enterprise Connector Discovery and OpenAPI Editor and IBM App Connect Enterprise Discovery Connectors are vulnerable to multiple vulnerabilities due to multiple node modules. Vulnerability Details CVEID:CVE-2026-33036 DESCRIPTION:...

GHSA-7GCJ-PHFF-2884 Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths

Summary The SignalK server is vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within its WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the context parameter of a stream subscription, an attacker can force the server's...

Malicious code in 6161test1234 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 074806dcf23de8a6066ce2cbbcc5f711ca552db945714be52cd8d3a7e1415af4 The package 6161test1234 was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2966 Malicious code in com.tencent.puerts.agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 893d557ac2c9f78b7a7885bb93d174293ce6e98589b277f2368a5bce07bfeebd The package com.tencent.puerts.agent was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview internalinsightsenabled is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

Malicious Package

Overview cktool.config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview apple-internal-security-poc-frank is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

Malicious Package

Overview cktool.core.internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in apple-internal-security-poc-frank (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10f171ab8af350f288bde3dca0a4c5741b840ed376b0022602322fd7b8b6341f The package apple-internal-security-poc-frank was found to contain malicious code. Source: ghsa-malware...