CVE-2026-44219
ciguard is a static security auditor for CI/CD pipelines. From 0.6.0 to 0.8.1, both SCA HTTP clients src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife.py call payload = json.loads(resp.read().decode('utf-8')) without a maximum-bytes cap. A hostile or compromised endoflife.date /...
CVE-2026-44219
CVE-2026-44219 affects the ciguard static security auditor. The two SCA HTTP clients (osv.py and endoflife.py) call payload = json.loads(resp.read().decode('utf-8')) without a maximum bytes cap, allowing a hostile or compromised endoflife.date / OSV.dev (or a TLS MITM) to return multi-GB response...
Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities (CVE-2026-23193, CVE-2026-23231, CVE-2026-3497)
Summary IBM MQ Appliance has addressed multiple open source vulnerabilities. Vulnerability Details CVEID:CVE-2026-23193 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count In...
A Ground-Truth-Based Evaluation of Vulnerability Detection across Multiple Ecosystems
Automated vulnerability detection tools are widely used to identify security vulnerabilities in software dependencies. However, the evaluation of such tools remains challenging due to the heterogeneous structure of vulnerability data sources, inconsistent identifier schemes, and ambiguities in...
Cybersecurity in the Age of Instant Software
AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: "instant software." Taken to an extreme, it might become easier for a user to have an AI write an application on demand--a spreadsheet, for...
Security Bulletin: Multiple open source vulnerabilities affect IBM Db2 Big SQL on Cloud Pak for Data
Summary Multiple open source vulnerabilities affect IBM Db2 Big SQL 7 on Cloud Pak for Data 5 Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip the Proxy-Authorization header...
Security Bulletin: IBM MQ Appliance is affected by open source vulnerabilities (CVE-2025-8058 and CVE-2025-7425)
Summary IBM MQ Appliance has addressed open source vulnerabilities. Vulnerability Details CVEID:CVE-2025-8058 DESCRIPTION: The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc...
Autonomous AI Hacking and the Future of Cybersecurity
AI agents are now hacking computers. They're getting better at all phases of cyberattacks, faster than most of us expected. They can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. This is going to change everything. Over the summer,...
EUVD-2022-1925
Malicious code in bioql PyPI...
SecureAgentBench: Benchmarking Secure Code Generation under Realistic Vulnerability Scenarios
Large language model (LLM) powered code agents are rapidly transforming software engineering by automating tasks such as testing, debugging, and repairing, yet the security risks of their generated code have become a critical concern. Existing benchmarks have offered valuable insights but remain...
Adobe Commerce/Magento Open Source Multiple Vulnerabilities (APSB24-40)
The version of Adobe Commerce/Magento Open Source installed on the remote host falls within one of the following ranges 2.4.7 2.4.7-p1 Adobe Commerce / 2.4.6 2.4.6-p6 Adobe Commerce / 2.4.5 2.4.5-p8 Adobe Commerce / 2.4.4 2.4.4-p9 Adobe Commerce / 2.4.3 2.4.3-ext-8 Adobe Commerce / 2.4.2...
Adobe Commerce Multiple Vulnerabilities (APSB24-61)
The version of Adobe Commerce/Magento Open Source installed on the remote host falls within one of the following ranges 2.4.7.0 2.4.7-p2 Adobe Commerce / 2.4.6.0 2.4.6-p7 Adobe Commerce / 2.4.5.0 2.4.5-p9 Adobe Commerce / 0.x 2.4.4-p10 Adobe Commerce / 2.4.7.0 2.4.7-p2 Magento Open Source / 2.4.6...
Adobe Commerce/Magento Open Source Multiple Vulnerabilities (APSB24-73)
The version of Adobe Commerce/Magento Open Source installed on the remote host falls within one of the following ranges 2.4.7.0 2.4.7-p3 Adobe Commerce / 2.4.6.0 2.4.6-p8 Adobe Commerce / 2.4.5.0 2.4.5-p10 Adobe Commerce / 0.x 2.4.4-p11 Adobe Commerce / 2.4.7.0 2.4.7-p3 Magento Open Source /...
Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation
Cybersecurity researchers have uncovered nearly two dozen security flaws spanning 15 different machine learning (ML) related open-source projects. These comprise vulnerabilities discovered both on the server- and client-side, software supply chain security firm JFrog said in an analysis published...
Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities.
Summary IBM MQ Appliance has addressed multiple open source vulnerabilities. Vulnerability Details CVEID:CVE-2023-2162 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by a use-after-free flaw in the iscsi_sw_tcp_session_create function in...
Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities.
Summary IBM MQ Appliance has addressed multiple open source vulnerabilities: CVE-2020-12762, CVE-2021-33631, CVE-2023-6931, CVE-2024-1086. Vulnerability Details CVEID:CVE-2020-12762 DESCRIPTION: json-c could allow a remote attacker to execute arbitrary code on the system, caused by an integer...
Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities
Summary IBM MQ Appliance has resolved multiple open source vulnerabilities: CVE-2022-40303, CVE-2022-40304, CVE-2021-46848 and CVE-2022-43680. Vulnerability Details CVEID:CVE-2022-40303 DESCRIPTION: Gnome libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by an...
Google Launches OSV-Scanner Tool to Identify Open Source Vulnerabilities
Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects. The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect "a project's list of dependenci...
Security Bulletin: Multiple security vulnerabilities found in open source code that is shipped with IBM Security Verify Access
Summary Source code scanning has found several open source vulnerabilities in the IBM Security Verify Access product. Verify Access has updated the packages as required. Vulnerability Details CVEID: CVE-2018-20574 DESCRIPTION: yaml-cpp is vulnerable to a denial of service, caused by an error in th...