MAL-2026-5595 Malicious code in 0x2ai-demo8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc8b825a6ca24f0ed99210734ea8d4f4fb7bf1bbdb3767b67417bf5cdb83257 On npm install, scripts/postinstall.cjs writes a .mcp.json into the installer's working directory that registers a stdio MCP server...

Malicious code in 0x2ai-demo8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc8b825a6ca24f0ed99210734ea8d4f4fb7bf1bbdb3767b67417bf5cdb83257 On npm install, scripts/postinstall.cjs writes a .mcp.json into the installer's working directory that registers a stdio MCP server...

Malicious code in 0x2ai-demo3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a36d5f023e4740169d1e1e7a56ebe32552cfdc4a05bf50ecc0b648ecea502c0d On npm install, scripts/postinstall.cjs copies the entire payload/ tree into process.env.INITCWD the directory the developer ran the install from usi...

Artica Web Proxy 4.30 - OS Command Injection

Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform. id: CVE-2020-17505 info: name: Artica Web Proxy 4.30 - OS Command Injection author: dwisiswant0...

Linux Distros Unpatched Vulnerability : CVE-2026-44489

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge e.g., config.proxy are sti...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : Apache HTTP Server vulnerabilities (USN-8338-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8338-1 advisory. It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly us...

PT-2026-48808

Summary Several Kolibri API endpoints accept an unvalidated baseurl parameter and fetch attacker-controlled URLs from the Kolibri server, reflecting the response body back to the caller. The original report identified two endpoints on the RemoteFacilityUser viewsets; remediation review found two...

PT-2026-48697

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.8, Fediverse Embeds registered an unauthenticated REST route ftf/media-proxy includes/Media Proxy.php with permission callback = return true that accepted a base64-encoded URL and forwarded it to wp remote get$url...

PT-2026-48685

Impact Wreck strips credential headers Authorization, Cookie, Proxy-Authorization before following a cross-origin redirect, but the origin check compares hostnames only and ignores scheme and port. As a result, credentials are forwarded intact across same-host port changes and HTTPS-to-HTTP...

GHSA-9PG3-25FQ-P6CC nebula-mesh: Newly-minted operator API key exposed in redirect URL (Referer, history, proxy logs)

internal/web/operators.go:251 — after handleOperatorCreateAPIKey mints a fresh 32-byte bearer token, the redirect points the operator's browser at: /ui/operators/?newkey=&keyname= The raw API key ends up: - in the browser's URL history - in the Referer header on every cross-origin asset the detai...

undertow: Undertow: Request smuggling via `\r\r\r` as a header block terminator

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

nebula-mesh: Session and OIDC state cookies lack the Secure attribute

internal/web/session.go and internal/web/oidc.go set HttpOnly and SameSite=Lax on every cookie but never Secure. A single plaintext request to the origin operator on a LAN, mistyped URL, HTTP→HTTPS not strictly enforced, reverse proxy misconfiguration discloses the session. Affected All released...

CVE-2026-11643

An use after free flaw was found in the Proxy component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=518006379...

Updated openssh packages fix security vulnerabilities

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode. CVE-2026-35385 In OpenSSH before 10.3, command execution can occur vi...

MGASA-2026-0193 Updated openssh packages fix security vulnerabilities

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode. CVE-2026-35385 In OpenSSH before 10.3, command execution can occur vi...

CVE-2026-48856

Sensitive Data Exposure vulnerability in Erlang OTP inets httpcresponse module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...

axios: Axios: NO_PROXY bypass via crafted URL

A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses within the 127.0.0.0/8 range, excluding 127.0.0.1, the attacker can completely bypass the...

OPENSUSE-SU-2026:20934-1 Security update for xdg-dbus-proxy

This update for xdg-dbus-proxy fixes the following issue: - CVE-2026-34080: failure in the policy parser can lead to information disclosure bsc1261737...

CVE-2026-48856 httpc leaks Authorization header to cross-origin redirect targets

Sensitive Data Exposure vulnerability in Erlang OTP inets httpcresponse module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...

CVE-2026-48856

This CVE affects Erlang OTP inets (httpc_response) where cross-origin 3xx redirects copy Authorization and Proxy-Authorization headers to the redirect target, enabling credential theft. Root cause: httpc_response:redirect/2 only updates the host field; other header fields are copied, with autored...