Security Bulletin: A vite-7.1.5.tgz vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in vite-7.1.5.tgz used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-62522 DESCRIPTION: Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to...

K000161415: Craft CMS vulnerability CVE-2025-32432

Security Advisory Description Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is ...

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM 7.5.0 UP15 IF03 Vulnerability Details CVEID:CVE-2026-28417 DESCRIPTION: Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw...

Malicious code in emojifancy-print (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87a0b34b08697e7c8c67b8111ab442ec2d1168f0981b4680fc327a40ba370d79 The package advertises itself as a colorized logger but ships a backdoor in dist/logger.js that fires automatically when the module is loaded. At...

MAL-2026-4550 Malicious code in emojifancy-print (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87a0b34b08697e7c8c67b8111ab442ec2d1168f0981b4680fc327a40ba370d79 The package advertises itself as a colorized logger but ships a backdoor in dist/logger.js that fires automatically when the module is loaded. At...

Malicious code in @devcarron/clob (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

MAL-2026-4347 Malicious code in @devcarron/clob (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

Exploit for Incorrect Implementation of Authentication Algorithm in Google Android

No d...

Exploit for CVE-2026-38427

CVE-2026-38427: Integer Wraparound → Heap Buffer Overflow in T...

Exploit for CVE-2026-38426

CVE-2026-38426: strcpy Stack Buffer Overflow in Tasmota fetc...

CLSA-2026-1779701895 podman: Fix of 3 CVEs

Rebuild with golang = 1.25.7-1.el96.tuxcare.els5 to fix Go standard library CVEs: - CVE-2026-32280: cap intermediate certificates in crypto/x509 chain building to mitigate denial-of-service via excessive chain construction work - CVE-2026-32283: prevent crypto/tls deadlock when a TLS 1.3 peer...

Security Bulletin: IBM Quantum Safe Explorer is affected by multiple vulnerabilites

Summary The vulnerabilities were found in dependent open source libraries used within IBM Quantum Safe Explorer code base. These issues have been addressed by updating the versions of affected libraries. Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client...

PT-2026-43124

Name of the Vulnerable Software and Affected Versions PuTTY versions 0.71 through 0.83 Description An assertion failure occurs during the ECDSA Elliptic Curve Digital Signature Algorithm signature verification process...

FuzzPilot: Plateau-Triggered Recipe Validation for Structured Text Fuzzing

FuzzPilot is a controller for AFL++ that moves expensive reasoning out of the mutation hot path. When coverage plateaus, it snapshots the corpus, prepares candidate mutation recipes, evaluates them in short isolated AFL++ micro-campaigns, and promotes only recipes with positive validation reward...

Linux Distros Unpatched Vulnerability : CVE-2026-48710

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct...

Security update for leancrypto (moderate)

openSUSE security update: security update for leancrypto ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20783-1 Rating: moderate References: bsc1253654 bsc1254370 bsc1261382 bsc1262399 Cross-References: CVE-2026-34610 CVSS scores: CVE-2026-34610 SU...

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.4.18 Vulnerability Details CVEID:CVE-2026-40972 DESCRIPTION: An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In...

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.2.26 Vulnerability Details CVEID:CVE-2026-40972 DESCRIPTION: An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In...

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 2.7.38 Vulnerability Details CVEID:CVE-2026-40972 DESCRIPTION: An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In...

SWPT-Notes

SWPT-Notes Personal study notes compiled while working throug...