PT-2026-44552

Name of the Vulnerable Software and Affected Versions AnythingLLM versions prior to 1.13.0 Description The filesystem-search-files agent skill passes an LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separator. Because ripgrep parses any argument...

PT-2026-44362

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in s ctrl Three control cases AUTOGAIN, EXPOSURE AUTO, ANALOGUE GAIN directly return without calling pm runtime put, causing runtime PM reference count leaks. Change these cases fr...

AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username

Summary AsyncSSH 2.22.0 expands the OpenSSH-compatible AuthorizedKeysFile %u token with the raw SSH username during pre-authentication server config reload. A server configured with a documented per-user key pattern such as AuthorizedKeysFile authorizedkeys/%u can be made to read an authorized-ke...

CVE-2026-48147

Budibase is an open-source low-code platform. Prior to 3.35.4, the buildMatcherRegex / matches functions in packages/backend-core/src/middleware/matchers.ts route patterns are compiled into unanchored regular expressions and tested against ctx.request.url, which includes the full query string. Th...

Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection

Description Symfony routes can declare a requirements regex per path parameter, e.g. a route /locale/blog with requirements: locale: 'en|fr|de' . The Twig path / url helpers backed by UrlGenerator validate supplied parameter values against that regex before building the URL. UrlGenerator construc...

CVE-2026-8994 Login with NEAR <= 0.3.3 - Authentication Bypass via 'account' Parameter

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...

CVE-2026-8994 Login with NEAR <= 0.3.3 - Authentication Bypass via 'account' Parameter

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...

MAL-2026-4720 Malicious code in weavedb-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3017d9faf2f1f8a8973162392159e8d185b9c676555d406da261e67cd95395e8 package.json declares "preinstall": "./src/deps.ts", but src/deps.ts is not TypeScript — its first bytes are the ELF magic \x7fELF\x02\x01\x01,...

MAL-2026-4546 Malicious code in cwao-units (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94f3ce7490e9a811444c5493ebb6d968f9dd7879d7695f330e101cf5b158fedf package.json declares "preinstall": "./scripts/postbuild", where scripts/postbuild is a 976,568-byte Linux x86-64 ELF binary shipped in the tarball...

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM 7.5.0 UP15 IF03 Vulnerability Details CVEID:CVE-2026-28417 DESCRIPTION: Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw...

Malicious code in itc-actors-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22687e1f7601dde1753d3775925d62d040892631394937e56e9b9fba74fb85c6 The package contains callback.js which collects host identifiers and user information os.hostname, os.userInfo, os.platform, cwd and transmits them v...

Reversing-Toolkit

Reversing Toolkit 🔧 3 reverse engineering & binary exploita...

CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

PT-2026-42766

Name of the Vulnerable Software and Affected Versions shell-quote versions prior to 1.8.4 Description The quote function fails to validate object-token inputs against the operator model used by parse. Specifically, the .op field is escaped using a regular expression that does not match line...

Unity Linux 20.1070e Security Update: log4j (UTSA-2026-016725)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016725 advisory. It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non- default configurations. This could allows attackers with...

Unity Linux 20.1070e Security Update: springframework (UTSA-2026-016711)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016711 advisory. Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests ...

Malicious code in wdt-erpmcp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec852c69947e2a2575ae37ce4a442a67dc01f7328c0c603b94c87aa84803623f wdt-erpmcp advertises itself as a generic MCP wrapper over the caller's Wangdian Tongda WDT ERP, and three of its four tools correctly read WDTAPPKEY...

MAL-2026-4675 Malicious code in supership-scan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0aebde5ba55a72b6d4c6917ccf22db1427d434fed04cecc22dd16844e2d39033 The package advertises itself as a local-only static analyzer README: "Runs locally. Your code never leaves the machine" and "What's never transmitte...

Astra Linux - уязвимость в pcre2

A out-of-bounds read was discovered in PCRE before version 10.34, where the pattern \X was JIT-compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, as it could allow an attacker to cause the...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fixed out-of-bounds access during parseadvmonitorpattern In the parseadvmonitorpattern function, the value of the 'length' variable is currently limited to HCIMAXEXTADLENGTH251. The size of the 'value' array in t...