16999 matches found

Snyk
added 2026/02/02 6:20 p.m. | 2 views

Race Condition

Overview: Affected versions of this package are vulnerable to Race Condition in the addJS function due to the use of a shared module-scoped variable for storing JavaScript content. An attacker can cause sensitive data intended for one user to be included in another user's PDF by making concurrent...

6.3 CVSS | 5.9 AI score | 0.00253 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2026/02/02 12:0 a.m. | 6 views

Alibaba Cloud Linux 3 : 0024: grafana (ALINUX3-SA-2026:0024)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0024 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-61729: Within HostnameError.Error, when...

7.5 CVSS | 5.6 AI score | 0.00451 EPSS
Exploits 2 | References 2

GithubExploit
added 2026/02/01 2:36 a.m. | 172 views

Toxic_Flow_Analysis_Framework_For_Agentic_AI

Toxic Flow Analysis TFA Framework A Secure-by-Design framew...

6 AI score
Exploits 0

Fedora
added 2026/01/31 5:32 p.m. | 7 views

[SECURITY] Fedora 43 Update: java-latest-openjdk-26.0.0.0.32-0.0.1.ea.fc43

The OpenJDK 26 runtime environment...

5.9 AI score
Exploits 0

Fedora
added 2026/01/31 5:32 p.m. | 8 views

[SECURITY] Fedora 43 Update: java-25-openjdk-25.0.2.0.10-2.fc43

The OpenJDK 25 runtime environment...

5.9 AI score
Exploits 0

Fedora
added 2026/01/31 5:32 p.m. | 7 views

[SECURITY] Fedora 43 Update: java-21-openjdk-21.0.10.0.7-2.fc43

The OpenJDK 21 runtime environment...

5.9 AI score
Exploits 0

Fedora
added 2026/01/31 5:32 p.m. | 8 views

[SECURITY] Fedora 43 Update: nodejs22-22.22.0-2.fc43

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed...

9.1 CVSS | 7 AI score | 0.01056 EPSS
Exploits 2

Fedora
added 2026/01/31 5:14 p.m. | 8 views

[SECURITY] Fedora 42 Update: nodejs20-20.20.0-2.fc42

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed...

9.1 CVSS | 7 AI score | 0.01056 EPSS
Exploits 2

GithubExploit
added 2026/01/31 8:7 a.m. | 257 views

Exploit for CVE-2026-25126

CVE-2026-25126: PolarLearn Vote Count Manipulation Research...

7.1 CVSS | 5.9 AI score | 0.00339 EPSS
Exploits 2

EUVD
added 2026/01/30 8:12 p.m. | 5 views

EUVD-2026-5009

PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a .psysh.php file from the Current Working Directory (CWD) on startup. If an attacker can write to a directory that a victim later uses as thei...

6.7 CVSS | 6.5 AI score | 0.0028 EPSS
Exploits 1 | References 3

OSV
added 2026/01/30 3:18 p.m. | 6 views

CLSA-2026-1769786327 golang: Fix of CVE-2025-61729

CVE-2025-61729: limit number of hosts printed in HostnameError.Error and optimize error string construction to prevent quadratic runtime...

7.5 CVSS | 7.2 AI score | 0.00451 EPSS
Exploits 2 | References 1

OSV
added 2026/01/30 12:50 p.m. | 6 views

MAL-2026-607 Malicious code in banquet-runtime-modules (npm)

Source: amazon-inspector 236dee5bac395a6446685322fb3dadb454e4b7f7d43a132111a8392721fed206 The package banquet-runtime-modules was found to contain malicious code. Source: ghsa-malware...

5.5 AI score
Exploits 0 | References 1

OSSF Malicious Packages
added 2026/01/30 12:50 p.m. | 10 views

Malicious code in banquet-runtime-modules (npm)

Source: amazon-inspector 236dee5bac395a6446685322fb3dadb454e4b7f7d43a132111a8392721fed206 The package banquet-runtime-modules was found to contain malicious code. Source: ghsa-malware...

5.4 AI score
Exploits 0 | References 1

OSV
added 2026/01/30 12:28 p.m. | 6 views

OESA-2026-1271 runc security update

runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in...

7.5 CVSS | 5.9 AI score | 0.00563 EPSS
Exploits 1 | References 2

Cvelist
added 2026/01/29 10:6 p.m. | 20 views

CVE-2026-25126 PolarLearn's unvalidated vote direction allows vote count manipulation

PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route POST /api/v1/forum/vote trusts the JSON body’s direction value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings e.g., "x" ...

7.1 CVSS | 0.00339 EPSS
Exploits 2 | References 2

Snyk
added 2026/01/29 5:16 p.m. | 6 views

Improper Check for Unusual or Exceptional Conditions

Overview: Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions when the container image is malformed or contains no layers. An attacker can cause service disruption and induce filesystem errors by supplying a specially crafted container image...

10 CVSS | 5.9 AI score | 0.00438 EPSS
Exploits 1 | References 2

OSV
added 2026/01/29 5:16 p.m. | 4 views

CVE-2026-24054 Kata Containers Runtime: Host block device can be hotplugged to the VM if the container image is malformed or contains no layers

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter...

9.3 CVSS | 5.8 AI score | 0.00438 EPSS
Exploits 1 | References 7

ATTACKERKB
added 2026/01/29 2:28 p.m. | 5 views

CVE-2020-37017

CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with...

8.5 CVSS | 6.2 AI score | 0.00121 EPSS
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2026/01/29 2:28 p.m. | 5 views

CVE-2020-37017 CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path

CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with...

8.5 CVSS | 6.2 AI score | 0.00121 EPSS
Exploits 0 | References 3

EUVD
added 2026/01/29 2:28 p.m. | 5 views

EUVD-2020-30921

CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with...

8.5 CVSS | 6.2 AI score | 0.00121 EPSS
Exploits 0 | References 3