PT-2026-49955

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Portal version 12.2.1.4.0 Oracle WebCenter Portal version 14.1.2.0.0 Description An issue exists in the Runtime Tools component of Oracle WebCenter Portal. A low privileged attacker with network access via HTTPS can exploit th...

EUVD-2025-210156

A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parseoption src/if-options.c:1886, the code performs a member access on a NULL pointer of type 'struct dhcpopt' when an unexpected/invalid option token or parsing state caus...

MAL-2026-5825 Malicious code in @intentsolution/database-security-scanner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b1f4da3cb40cc2e1396230869d85bcc5a3c9267c0dc3c60dc297c08d1882230 The package's main file index.js is heavily obfuscated using obfuscator.io-style string-array rotation, base64 fragments, and per-byte XOR decoders...

Cross-site Request Forgery (CSRF)

Overview @remix-run/server-runtime is a Server runtime for Remix Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to insufficient CSRF checks for PUT, PATCH, and DELETE document requests. An attacker can cause unauthorized state changes by tricking a user in...

Improper Check for Unusual or Exceptional Conditions

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the schema-derived names that collide with runtime-significant properties. An attacker can cause affected message or...

NPM: protobufjs : Schema-derived names can shadow runtime-significant properties

NPM: protobufjs : Schema-derived names can shadow runtime-significant properties vulnerability discovered by ? in WordPress Npm protobufjs-cli versions = 1.3.2...

NPM: protobufjs : Schema-derived names can shadow runtime-significant properties

NPM: protobufjs : Schema-derived names can shadow runtime-significant properties vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.6.2...

GHSA-F3M7-GQXR-G87X Angular: Template and Attribute Namespace Sanitization Bypass (XSS)

An issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute sanitization/validation through specific namespace workarounds. Specifically, namespaced script elements e.g., or were not properly identified as script elements by the Angular template preparser,...

Angular: Template and Attribute Namespace Sanitization Bypass (XSS)

An issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute sanitization/validation through specific namespace workarounds. Specifically, namespaced script elements e.g., or were not properly identified as script elements by the Angular template preparser,...

CVE-2026-12043

A flaw was found in the AWS Common Runtime aws-c-http library. A remote attacker, by operating a malicious server, could send a crafted sequence of HTTP/2 HEADERS frames that improperly handle HPACK dynamic table size updates. This could lead to memory corruption on a connecting client applicatio...

PT-2026-49471

Name of the Vulnerable Software and Affected Versions OliveTin versions prior to 3000.13.0 Description The template engine utilizes a single shared text/template.Template instance, specifically the tpl package-level variable in service/internal/tpl/templates.go, across all goroutines. Each action...

PT-2026-49283

Name of the Vulnerable Software and Affected Versions dhcpcd version 10.3.0 Description A NULL pointer dereference occurs during the parsing of configuration options. In the parse option function, the software performs a member access on a NULL pointer of type struct dhcp opt when an invalid opti...

BIT-MONGODB-2026-9751 Sensitive data could be written to mongod.log

The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text...

MAL-2026-5737 Malicious code in postcss-minify-selector-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 957f5cbb74f4dd4b4770e8c9cc1a8aac88a4450cb01dbc0fa5242c42e343f54c The package name impersonates the widely-used postcss-selector-parser library which it also declares as a dependency and re-exports verbatim from...

Malicious code in postcss-minify-selector-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 957f5cbb74f4dd4b4770e8c9cc1a8aac88a4450cb01dbc0fa5242c42e343f54c The package name impersonates the widely-used postcss-selector-parser library which it also declares as a dependency and re-exports verbatim from...

SUSE CVE-2025-71329

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

RLSA-2026:25115 Important: .NET 10.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.109 and .NET Runtime...

.NET 8.0 security update

An update is available for dotnet8.0. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...

RLSA-2026:25220 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.128 and .NET Runtime...

CVE-2026-53609

ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, apos.util.set traverses dot-notation paths without sanitizing proto, allowing an authenticated editor to write arbitrary values to Object.prototype via the $pullAll patch operator. A confirm...