
81890 matches found

CNNVD
added 2026/04/01 12:0 a.m. | 2 views

Devolutions Server Security Vulnerability

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.6 to 2026.1.11 contained security vulnerabilities. These vulnerabilities were...

5 CVSS | 5.8 AI score | 0.00078 EPSS
Exploits 0 | References 1

OSSF Malicious Packages
added 2026/03/31 6:13 p.m. | 6 views

Malicious code in @c8o/nimbus-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8225c79aa127203c225df747705db370e11cfae184af100a063b2dfa4eb20eb8 The package @c8o/nimbus-core was found to contain malicious code. Source: ghsa-malware 23fd3197db4264e7b8ef6d65380e017c5b205b46a8e732df586feffcf3c7c7...

5.8 AI score
Exploits 0 | References 1

OSSF Malicious Packages
added 2026/03/31 2:56 p.m. | 4 views

Malicious code in tailwindcss-typeface-inter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3a4cecee37faea4489bd810f6d044cde9205a74e0c225bef7b07cbbe207eb88 The package tailwindcss-typeface-inter was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits 0 | References 1

OSSF Malicious Packages
added 2026/03/31 3:15 a.m. | 10 views

Malicious code in axios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 503284900929e333b801f9f47419a2b4c21e4022d13a03fc14e4b5390767a51d The package axios was found to contain malicious code. Source: ghsa-malware bcd851213ecf0f8dc58fe88d79b3d19a59388272b2426097de7edc4c53df5d9e Any...

5.9 AI score
Exploits 0 | References 3

Tenable Nessus
added 2026/03/31 12:0 a.m. | 10 views

Node.js Module plain-crypto-js 4.2.1 installed

The package was confirmed by Socket as malicious and should be removed from the system. The malicious package deploys a multi-stage payload, including a remote access trojan (RAT) capable of executing arbitrary commands, exfiltrating system data, and persisting on infected machines. Note that Nessu...

6 AI score
Exploits 0 | References 1

Tenable Nessus
added 2026/03/31 12:0 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2026-4046

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The iconv function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399...

7.5 CVSS | 5.5 AI score | 0.00084 EPSS
Exploits 1 | References 3

NVD
added 2026/03/30 6:16 p.m. | 1 views

CVE-2026-4046

The iconv function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and...

7.5 CVSS | 0.00084 EPSS
Exploits 1 | References 3

ATTACKERKB
added 2026/03/30 5:16 p.m. | 4 views

CVE-2026-4046

The iconv function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and...

7.5 CVSS | 5.8 AI score | 0.00084 EPSS
Exploits 1 | References 3 | Affected Software 1

Vulnrichment
added 2026/03/30 5:16 p.m. | 2 views

CVE-2026-4046 iconv crash due to assertion failure with untrusted input

The iconv function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and...

5.8 AI score | 0.00084 EPSS
Exploits 1 | References 3

GitHub Security Blog
added 2026/03/30 4:33 p.m. | 8 views

Nginx Configuration Directory Vulnerable to Recursive Deletion via Improper Path Validation

Summary: The nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operation on the base directory /etc/nginx. In particular, this allows an...

6.9 CVSS | 5.8 AI score | 0.00079 EPSS
Exploits 1 | References 4 | Affected Software 1

SUSE Linux
added 2026/03/30 9:17 a.m. | 6 views

Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version 5.2.6-0 Update translation strings uyuni-tools: Version 5.2.5-0 Remove migrate command Remove template script from mgradm: use the one in the image Split the TFTP server into a separate container Explicitly start proxy pods after operation...

8.7 CVSS | 6.8 AI score | 0.00212 EPSS
Exploits 0 | References 26

Oracle Linux
added 2026/03/30 12:0 a.m. | 4 views

kernel security update

6.12.0-124.47.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...

7.8 CVSS | 5.9 AI score | 0.00765 EPSS
Exploits 1

Oracle Linux
added 2026/03/30 12:0 a.m. | 6 views

kernel security update

4.18.0-553.115.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

7.8 CVSS | 6.8 AI score | 0.00078 EPSS
Exploits 0

EUVD
added 2026/03/27 8:28 p.m. | 0 views

EUVD-2026-16771

Flannel has cross-node remote code execution via extension backend BackendData injection...

7.5 CVSS | 6.4 AI score | 0.00057 EPSS
Exploits 0 | References 3

CVE
added 2026/03/27 7:31 p.m. | 6 views

CVE-2026-32241

CVE-2026-32241 – Flannel extension backend command injection. The vulnerability affects Flannel prior to v0.28.2 when using the experimental Extension backend. The SubnetAddCommand and SubnetRemoveCommand take attacker-controlled data from the Kubernetes Node annotation flannel.alpha.coreos.com/...

8.8 CVSS | 6.2 AI score | 0.00057 EPSS
Exploits 0 | References 2 | Affected Software 1

ATTACKERKB
added 2026/03/27 7:31 p.m. | 1 views

CVE-2026-32241

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that...

7.5 CVSS | 6.2 AI score | 0.00057 EPSS
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2026/03/27 7:31 p.m. | 1 views

CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that...

7.5 CVSS | 6.2 AI score | 0.00057 EPSS
Exploits 0 | References 2

OSV
added 2026/03/27 7:10 a.m. | 1 views

BIT-DISCOURSE-2026-31805 Discourse has a poll authorization bypass via post_id array parameter

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove votes from, or toggle the open/closed status of polls they did not have access to. By passing post_id as an...

8.2 CVSS | 5.9 AI score | 0.00116 EPSS
Exploits 0 | References 3

OSSF Malicious Packages
added 2026/03/27 3:24 a.m. | 3 views

Malicious code in dgxeon-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d41bea5fa12db95f82f32ef9f61f3e7dc60e7ef381589dff3780e758c19441f5 The package dgxeon-baileys was found to contain malicious code. Source: ghsa-malware 6c59d91ff6ae7727c79a7dfac9d7a7251193e519cf4f1f846a7368c1db065340...

5.8 AI score
Exploits 0 | References 1

OSV
added 2026/03/27 3:24 a.m. | 1 views

MAL-2026-2253 Malicious code in dgxeon-soket-buttonx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a92a6c68bc523541697f8bb80096a0b9425efac6c8413c08e4dea82afad4e4a The package dgxeon-soket-buttonx was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits 0 | References 1