251218 matches found

GithubExploit
added 4 days ago | 44 views

Exploit for Deserialization of Untrusted Data in Mirasvit Full_Page_Cache_Warmer

CVE-2026-45247 - Mirasvit Full Page Cache Warmer for...

9.8 CVSS | 5.8 AI score | 0.06149 EPSS
Exploits 1
OSSF Malicious Packages
added 4 days ago | 5 views

Malicious code in react-pinojs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db767edd3581eec08793cb669f0ec59351e61f31501b6d4287b86baea512bb63 Package impersonates the popular pino logger homepage points to getpino.io, description mimics pino's tagline and executes a remote-code-execution...

5.7 AI score
Exploits 0 | References 1
Talos Blog
added 4 days ago | 5 views

Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for June 2026, which includes 206 vulnerabilities affecting a range of products, including 32 that Microsoft marked as "critical". Out of 32 "critical" entries, 28 are remote code execution (RCE) vulnerabilities in Microsoft Windows services and...

9.8 CVSS | 8.3 AI score | 0.00373 EPSS
Exploits 1
RedhatCVE
added 4 days ago | 5 views

CVE-2026-25855

OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.bat, .ps1, .sh) through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources,...

8.8 CVSS | 6.7 AI score | 0.00336 EPSS
Exploits 0 | References 1
RedhatCVE
added 4 days ago | 7 views

CVE-2026-25559

OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by supplying unsanitized absolute paths to the upload handler and wordlist functions. Attackers can...

8.8 CVSS | 6.4 AI score | 0.00265 EPSS
Exploits 0 | References 1
RedhatCVE
added 4 days ago | 9 views

CVE-2026-25856

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

8.8 CVSS | 6.6 AI score | 0.0026 EPSS
Exploits 0 | References 1
RedhatCVE
added 4 days ago | 10 views

CVE-2026-46442

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When...

9.9 CVSS | 6.5 AI score | 0.00517 EPSS
Exploits 1 | References 1
Qualys Blog
added 4 days ago | 3 views

Microsoft and Adobe Patch Tuesday, June 2026 Security Update Review

Every Patch Tuesday presents a race between defenders applying fixes and attackers seeking opportunities. Microsoft’s June 2026 release is no exception, delivering security updates for vulnerabilities that could significantly impact enterprise environments if left unaddressed. Microsoft Patch...

9.8 CVSS | 8.6 AI score | 0.01298 EPSS
Exploits 1
OSSF Malicious Packages
added 4 days ago | 5 views

Malicious code in db-dx-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6eeeef7d309b24e00c0e45df8736d1d8b8d279207d2bfa766c75890815e5382d db-dx-connector is a name-swap typosquat of the legitimate dx-db-connector package the package's own repository, bugs, and homepage fields all point ...

5.6 AI score
Exploits 0 | References 1
OSV
added 4 days ago | 4 views

MAL-2026-5463 Malicious code in db-dx-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6eeeef7d309b24e00c0e45df8736d1d8b8d279207d2bfa766c75890815e5382d db-dx-connector is a name-swap typosquat of the legitimate dx-db-connector package the package's own repository, bugs, and homepage fields all point ...

5.6 AI score
Exploits 0 | References 1
OSV
added 4 days ago | 3 views

MAL-2026-5487 Malicious code in tailwind-form (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37a2959fd43465328b090afd0464e0e3de0e1677ecd2068d4ef05bdfe5867b79 tailwind-form is a typosquat of the legitimate @tailwindcss/forms plugin README and repository field are copied from tailwindlabs/tailwindcss-forms,...

6.3 AI score
Exploits 0 | References 1
OSSF Malicious Packages
added 4 days ago | 6 views

Malicious code in tailwind-form (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37a2959fd43465328b090afd0464e0e3de0e1677ecd2068d4ef05bdfe5867b79 tailwind-form is a typosquat of the legitimate @tailwindcss/forms plugin README and repository field are copied from tailwindlabs/tailwindcss-forms,...

6.3 AI score
Exploits 0 | References 1
RedhatCVE
added 4 days ago | 5 views

CVE-2026-10732

A flaw was found in the decompress package. A remote attacker can exploit this vulnerability by providing a specially crafted ZIP archive containing a symbolic link and a regular file with the same path. This allows the attacker to write arbitrary files to locations outside the intended output...

7.5 CVSS | 6.4 AI score | 0.00053 EPSS
Exploits 0 | References 6
NVD
added 4 days ago | 7 views

CVE-2026-36723

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to...

8.8 CVSS | 0.0108 EPSS
Exploits 0 | References 1
Snyk
added 4 days ago | 4 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in PKCS7verify. An attacker supplying a PKCS7 or S/MIME signed message whose SignedData digestAlgorithms field is an empty ASN.1 SET can cause a caller-owned BIO to be freed during verification. A subsequent use of that B...

8.8 CVSS | 6.2 AI score | 0.00092 EPSS
Exploits 0 | References 2
EUVD
added 4 days ago | 5 views

EUVD-2026-35707

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

8.8 CVSS | 6.7 AI score | 0.00324 EPSS
Exploits 0 | References 5
EUVD
added 4 days ago | 5 views

EUVD-2026-35519

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

7.5 CVSS | 6 AI score | 0.00078 EPSS
Exploits 0 | References 2
EUVD
added 4 days ago | 5 views

EUVD-2026-35516

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

8.8 CVSS | 6 AI score | 0.00078 EPSS
Exploits 0 | References 2
EUVD
added 4 days ago | 6 views

EUVD-2026-35518

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

7.5 CVSS | 6 AI score | 0.00074 EPSS
Exploits 0 | References 2
EUVD
added 4 days ago | 5 views

EUVD-2026-35697

Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network...

9.8 CVSS | 5.7 AI score | 0.00137 EPSS
Exploits 0 | References 2