CVE-2026-43860

A flaw was found in mutt. During the IMAP CRAM-MD5 Challenge-Response Authentication Mechanism - Message-Digest Algorithm 5 authentication, the password hash is truncated by one byte. This issue could allow a remote attacker to potentially bypass authentication, leading to unauthorized access...

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality (CVE-2026-25679)

Summary IBM App Connect Enterprise Certified Container operator and DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in Golang module url.Parse...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 CVE-2026-31431检测和测试 0x01 Quick Start Some ta...

Security Bulletin: Improper Hostname Normalization in Axios Enables NO_PROXY Bypass and SSRF Attacks

Summary Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NOPROXY matching an...

Security Bulletin: Vulnerabilities exists in IBM Netezza Analytics for NPS

Summary Vulnerabilities exists in IBM Netezza Analytics for NPS addressed in 11.2.30. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, an...

Security Bulletin: Vulnerabilities exists in IBM Netezza Performance Server Replication Services

Summary Vulnerabilities exists in IBM Netezza Performance Server Replication Services are addressed in 3.0.5.1 Vulnerability Details CVEID:CVE-2026-3623 DESCRIPTION: IBM Netezza Performance Server Replication Services allows an attacker with low‑privileged access to escalate their privileges to...

Security Bulletin: Vulnerability in jetty affects IBM Netezza Appliance

Summary The jetty package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2024-6763 Vulnerability Details CVEID:CVE-2023-24056 DESCRIPTION: In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in...

K000161154: Sequelize vulnerability CVE-2026-30951

Security Advisory Description Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injection via unescaped cast type in JSON/JSONB where clause processing. The traverseJSON function splits JSON path keys on :: to extract a cast type, which is interpolated raw into CAST... AS SQL. An...

GHSA-CP6G-6699-WX9C vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape

Summary NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve which does not dereference symlinks but module loading uses Node's...

vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape

Summary NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve which does not dereference symlinks but module loading uses Node's...

Exploit for Incorrect Implementation of Authentication Algorithm in Google Android

CVE-2026-0073 — Android ADB TLS Authentication Bypass A proof...

GHSA-947F-4V7F-X2V8 vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load` that allows sandbox escape

Summary NodeVM's builtin allowlist can be bypassed when the module builtin is allowed including via the '' wildcard. The module builtin exposes Node's Module.load, which loads any module by name directly in the host context, completely bypassing vm2's builtin restriction. This allows sandboxed co...

vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load` that allows sandbox escape

Summary NodeVM's builtin allowlist can be bypassed when the module builtin is allowed including via the '' wildcard. The module builtin exposes Node's Module.load, which loads any module by name directly in the host context, completely bypassing vm2's builtin restriction. This allows sandboxed co...

GHSA-Q6V9-R226-V65F Bandit HTTP/2 Frame Size Limit Bypass via Late Buffer Check Enables Memory Exhaustion

Summary Bandit's HTTP/2 parser checks frame size after it has already buffered the full body, instead of when it sees the 9-byte header. A peer can announce a 16 MiB frame on a connection that agreed to 16 KiB frames and the server will silently buffer up to 1024× the agreed budget per connection...

Bandit HTTP/2 Frame Size Limit Bypass via Late Buffer Check Enables Memory Exhaustion

Summary Bandit's HTTP/2 parser checks frame size after it has already buffered the full body, instead of when it sees the 9-byte header. A peer can announce a 16 MiB frame on a connection that agreed to 16 KiB frames and the server will silently buffer up to 1024× the agreed budget per connection...

GHSA-FRH3-6PV6-RC8J Bandit's unbounded WebSocket inflate causes BEAM OOM with a single frame

Summary When a Bandit-fronted server has explicitly enabled WebSocket permessage-deflate compress: true, an unauthenticated client can OOM the BEAM with a single 6 MiB WebSocket frame. Bandit's inflate step has no output-size cap, so a small high-ratio compressed frame e.g. zeros, 1024:1 ratio...

Bandit's unbounded WebSocket inflate causes BEAM OOM with a single frame

Summary When a Bandit-fronted server has explicitly enabled WebSocket permessage-deflate compress: true, an unauthenticated client can OOM the BEAM with a single 6 MiB WebSocket frame. Bandit's inflate step has no output-size cap, so a small high-ratio compressed frame e.g. zeros, 1024:1 ratio...

FileBrowser Vulnerable to Stored XSS via SVG File in Public Share (Missing CSP Header)

Summary FileBrowser Quantum serves inline SVG files without a Content-Security-Policy header, allowing embedded JavaScript in SVG files to execute when accessed via public share links. Verified on v1.3.0-stable. Affected product - Product: FileBrowser Quantum gtsteffaniak/filebrowser - Verified...

GHSA-MMPX-JH39-WRV6 FileBrowser Vulnerable to Stored XSS via SVG File in Public Share (Missing CSP Header)

Summary FileBrowser Quantum serves inline SVG files without a Content-Security-Policy header, allowing embedded JavaScript in SVG files to execute when accessed via public share links. Verified on v1.3.0-stable. Affected product - Product: FileBrowser Quantum gtsteffaniak/filebrowser - Verified...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 — Live Code Corruption via Page Cache A novel...