Important: Red Hat Security Advisory: .NET 8.0 security update

An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Malicious code in security-alerts-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f881805b709189d00bc52dc57c407bfecdae44fb343f92634a301c31525f6b0 Despite advertising itself as a breach-monitoring SDK, this package executes a remote-access trojan and credential harvester against any installer th...

MAL-2026-6327 Malicious code in security-alerts-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f881805b709189d00bc52dc57c407bfecdae44fb343f92634a301c31525f6b0 Despite advertising itself as a breach-monitoring SDK, this package executes a remote-access trojan and credential harvester against any installer th...

Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation

Zoom WordPress plugin 4.6.6 contains a broken authentication caused by disabled nonce verification in an AJAX handler, letting unauthenticated attackers generate valid Zoom SDK signatures and retrieve the Zoom SDK key. id: CVE-2026-1368 info: name: Video Conferencing with Zoom API 4.6.6 -...

Important: Red Hat Security Advisory: .NET 9.0 security update

An update for .NET 9.0 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

CVE-2026-49241 Angular: Multiple Remote Code Execution Vulnerabilities in Angular Language Service VS Code Extension

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Service VS Code extension reads the custom TypeScript SDK paths typescript.tsdk and js/ts.tsdk.path directly from workspace configurations...

TOTOLINK/Realtek Routers - Information Disclosure

A certain router administration interface using Realtek APMIB e.g., on TOTOLINK models allows unauthenticated remote attackers to disclose the entire router configuration, including sensitive credentials, via accessing the "config.dat" file. Affected devices include TOTOLINK A3002RU through 2.0.0...

Malicious code in @withgoogle/stitch-sdk (npm)

@withgoogle/stitch-sdk is a scope-squatting package on npm that impersonates Google's Stitch AI design tool SDK. The attacker registered the @withgoogle scope to mimic Google's withgoogle.com domain and published versions 0.1.1 and 0.1.2 under the account maximus-mcmillan on June 19, 2026. The...

MAL-2026-6256 Malicious code in @withgoogle/stitch-sdk (npm)

@withgoogle/stitch-sdk is a scope-squatting package on npm that impersonates Google's Stitch AI design tool SDK. The attacker registered the @withgoogle scope to mimic Google's withgoogle.com domain and published versions 0.1.1 and 0.1.2 under the account maximus-mcmillan on June 19, 2026. The...

ROOT-APP-GOBINARY-CVE-2026-39883 CVE-2026-39883 in rootio-go.opentelemetry.io/otel/sdk - Patched by Root

Root has patched CVE-2026-39883 in the rootio-go.opentelemetry.io/otel/sdk package for Root:Go. Multiple fixed versions available...

CVE-2026-12530 Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()

Improper neutralization of argument delimiters in the installpackages method in AWS Bedrock AgentCore Python SDK versions = 1.1.3 and 1.6.1 might allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments. To mitigate thi...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet10.0: aspnetcore-runtime-10.0-10.0.9-1.hum1 aarch64, x8664 aspnetcore-runtime-dbg-10.0-10.0.9-1.hum1 aarch64, x8664 aspnetcore-targeting-pack-10.0-10.0.9-1.hum1 aarch64, x8664...

CVE-2026-48776

A flaw was found in the LangGraph Python SDK. This vulnerability allows a remote attacker with low privileges to manipulate URL paths by providing unsanitized input. This could result in unintended access, modification, or deletion of resources, potentially compromising data confidentiality and...

Malicious code in cryptodao-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03ac58e81310f19b32d136445eab91f7ddc776921ff8dfd08bdb91bcdd4a1da6 [email protected] ships a postinstall script recon.js that runs automatically on npm install and harvests installer-side secrets. The script...

PT-2026-50549

Name of the Vulnerable Software and Affected Versions AWS Bedrock AgentCore Python SDK versions 1.1.3 through 1.6.0 Description Improper neutralization of argument delimiters in the install packages method of the Code Interpreter client allows a remote authenticated user to execute arbitrary...

CVE-2026-48776

LangGraph Python SDK (versions ≤ 0.3.14) has unsafe URL path construction due to unsanitized caller-supplied identifiers in HTTP request paths, which could address the wrong resource or resource type. Impact: potential unintended access, modification, or deletion of resources beyond the caller's ...

CVE-2026-48776 LangGraph SDK has unsafe URL path construction

LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL path construction through unsanitized caller-supplied identifier values used in HTTP request paths for resource...

CVE-2026-47934

DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...

CVE-2026-47927

DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...

CVE-2026-47963

DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...