2299 matches found
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, bundled with WebSphere Remote Server, are affected by a denial of service due to jose4j (CVE-2024-29371)
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server and IBM WebSphere Application Server Liberty has been published in a security...
CVE-2026-56810
CVE-2026-56810 affects mint: a memory-denial vulnerability in Mint.HTTP1.decode_body/5 where chunked HTTP response bodies are buffered in an unbounded data_buffer until the entire declared chunk length completes. The chunk size is parsed with no upper bound, enabling a remote attacker to send an ...
Malicious code in anthropic-toolkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90ec82c6478e3a82eac71597b1c1fffc17d1b138e11e1a2aeadec7c00344c65e [email protected] is a typosquat against the @anthropic-ai/sdk ecosystem. The package ships no library code — its declared main dist/index.js i...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin CVE-2026-11594, CVE-2026-11707, CVE-2026-11383 Vulnerability Details Refer to the...
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled IBM WebSphere Remote Server, are affected by HTTP request smuggling (CVE-2026-11541)
Summary IBM WebSphere Application Server and WebSphere Application Server Liberty is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server and WebSphere Application Server Liberty has been published in a security bulletin...
PYSEC-2026-259 Aim External Control of File Name or Path vulnerability
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...
CVE-2026-10593 Remotely triggerable NULL-pointer dereference in Bluetooth LE Audio BAP unicast client QoS-state handling
The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...
Malicious code in unsafe-malicious-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3579cb796e48f446b07e2dbbce2e301d1a3e87d8a9a35ed1dbe825fc53f29da9 On npm install, the package's postinstall lifecycle script scripts/postinstall.js reads the installer's AWS credentials file at /.aws/credentials and...
MAL-2026-6404 Malicious code in syco1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e43be65a0930b121cf4d610c70b2d07165e4d335dece4344590b471d078fa5b5 Package self-describes as a 'System binary configuration tool' but ships a covert screen and clipboard surveillance overlay. pointer.py captures...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM WebSphere Remote Server
Summary IBM WebSphere Application Server and WebSphere Application Server Liberty is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM WebSphere Application Server and WebSphere Application Server Liberty have been published in a security bulletin...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM WebSphere Remote Server
Summary IBM WebSphere Application Server and WebSphere Application Server Liberty is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM WebSphere Application Server and WebSphere Application Server Liberty have been published in a security bulletin...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2026-9006
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. CVE-2026-9006 Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM WebSphere Remote Server
Summary IBM WebSphere Application Server and WebSphere Application Server Liberty is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM WebSphere Application Server and WebSphere Application Server Liberty have been published in a security bulletin...
CVE-2026-53632
CVE-2026-53632 affects the npm package launch-editor . Before version 2.14.1, it can open arbitrary paths including Windows UNC paths; when a UNC path is opened Windows triggers NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled ...
CVE-2026-12813
Affected software: activepieces (
MAL-2026-6185 Malicious code in conversa-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector baaff1de63d44fd5f6b4fb1c5d3ebb4e9509d7581ff9afa5f339acad8f57aed0 On npm install, postinstall.js unconditionally reads the installer's /.npmrc which typically contains //registry.npmjs.org/:authToken=... along with...
CVE-2026-55201
Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the downloaddir function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem...
launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows
Summary The launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled SMB server. This can result ...
MAL-2026-5785 Malicious code in ve-hemi-rewards (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8252216c6621e6391775d34f5e32815ab8c2a830df080fed52113b4cf855aa1 On npm install, the package's preinstall lifecycle invokes postinstall.js, which collects hostname, username, and current working directory, then...
Malicious code in 0x2ai-demo6x (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf57dfddd0bfd0def03360ae66ea88dd6d4e875cbcb42880a4277eb2d1df269a On npm install, scripts/postinstall.cjs recursively copies the package's payload/ directory into process.env.INITCWD the installer's project root,...