89 matches found

OSV
added 2026/05/25 8:15 a.m., 6 views

MAL-2026-4300 Malicious code in apple-app-store-server-library-v3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0927a2d11dc610a60127985e95a9851a1bcad74ff346884f089d1d25545aa896 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8 AI score
Exploits: 0, References: 1
UbuntuCve
added 2026/05/11 6:16 p.m., 3 views

CVE-2026-42859

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...

9.3 CVSS, 6 AI score, 0.00154 EPSS
Exploits: 0, References: 3
Snyk
added 2026/04/29 2:40 p.m., 2 views

Malicious Package

Overview apple-app-store-server-library-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2
OSV
added 2026/04/27 7:55 p.m., 2 views

MAL-2026-3123 Malicious code in apple-app-store-server-library-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f6b57befbd248b884d81978566bd3d4a57ef499f1eb8f8f66c00dc02e76588c The package apple-app-store-server-library-poc was found to contain malicious code. Source: ghsa-malware...

5.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/04/27 7:55 p.m., 4 views

Malicious code in apple-app-store-server-library-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f6b57befbd248b884d81978566bd3d4a57ef499f1eb8f8f66c00dc02e76588c The package apple-app-store-server-library-poc was found to contain malicious code. Source: ghsa-malware...

5.5 AI score
Exploits: 0, References: 1
Fedora
added 2026/04/25 1:58 a.m., 3 views

[SECURITY] Fedora 44 Update: libmicrohttpd-1.0.5-1.fc44

GNU libmicrohttpd is a small C library that is supposed to make it easy to run an HTTP server as part of another application. Key features that distinguish libmicrohttpd from other projects are: C library: fast and small; API is simple, expressive and fully reentrant; Implementation is http 1.1...

8.7 CVSS, 7.3 AI score, 0.00036 EPSS
Exploits: 0
OSV
added 2026/04/22 2:16 p.m., 1 views

UBUNTU-CVE-2026-33611

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

6.5 CVSS, 5.8 AI score, 0.00008 EPSS
Exploits: 0, References: 3
OSV
added 2026/04/21 9:16 p.m., 2 views

UBUNTU-CVE-2026-22002

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

4.9 CVSS, 7.2 AI score, 0.00047 EPSS
Exploits: 0, References: 4
OSV
added 2026/04/21 9:16 p.m., 0 views

UBUNTU-CVE-2026-34267

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

4.9 CVSS, 7.2 AI score, 0.00047 EPSS
Exploits: 0, References: 4
vulnersOsv
added 2026/04/16 9:9 p.m., 3 views

@appwise/oauth2-server (>=0.0.19 <=0.2.2), @arlequins/oauth2 (>=1.0.1 <=1.0.3) +9 more potentially affected by CVE-2026-41213 via @node-oauth/oauth2-server (>=5.0.0-rc.3 <=5.2.1)

@node-oauth/oauth2-server NPM version =5.0.0-rc.3, =0.0.19, =1.0.1, =1.4.0, =1.3.0, =4.0.0, =1.16.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 Source cves: CVE-2026-41213 Source advisory: SNYK:JS-NODEOAUTHOAUTH2SERVER-16420261...

5.9 CVSS, 5.8 AI score, 0.00117 EPSS
Exploits: 1
OSV
added 2026/03/26 8:33 p.m., 2 views

GO-2026-4830 NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers in github.com/nats-io/nats-server

NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers in github.com/nats-io/nats-server...

6.4 CVSS, 5.8 AI score, 0.00034 EPSS
Exploits: 0, References: 2
OSV
added 2026/03/26 8:33 p.m., 1 views

GO-2026-4826 NATS: Message tracing can be redirected to arbitrary subject in github.com/nats-io/nats-server

NATS: Message tracing can be redirected to arbitrary subject in github.com/nats-io/nats-server...

4.3 CVSS, 5.9 AI score, 0.00012 EPSS
Exploits: 0, References: 3
Rockylinux
added 2026/01/14 9:8 a.m., 2 views

libsoup security update

An update is available for libsoup. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libsoup packages provide an HTTP client and server library for GNOME...

8.2 CVSS, 6.9 AI score, 0.00024 EPSS
Exploits: 0
OSV
added 2026/01/13 4:42 p.m., 1 views

GO-2026-4298 Mattermost Server does not safeguard against phishing via error page links in github.com/mattermost/mattermost-server

Mattermost Server does not safeguard against phishing via error page links in github.com/mattermost/mattermost-server...

6.1 CVSS, 6.9 AI score, 0.00197 EPSS
Exploits: 0, References: 4
OSV
added 2026/01/12 5:39 p.m., 2 views

GO-2025-4272 Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts in go.temporal.io/server

Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts in go.temporal.io/server...

5.3 CVSS, 6.8 AI score, 0.00021 EPSS
Exploits: 0, References: 6
OSV
added 2025/12/08 9:31 p.m., 0 views

GO-2025-4183 CVE-2017-18870 in github.com/mattermost/mattermost-server

CVE-2017-18870 in github.com/mattermost/mattermost-server...

4.3 CVSS, 6.9 AI score, 0.00183 EPSS
Exploits: 0, References: 2
Fedora
added 2025/10/30 4:36 a.m., 3 views

[SECURITY] Fedora 42 Update: qt6-qthttpserver-6.9.3-1.fc42

Library to facilitate the creation of an http server with Qt...

9.4 CVSS, 7 AI score, 0.00022 EPSS
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-2249

Malicious code in bioql PyPI...

5.4 CVSS, 6.3 AI score, 0.00066 EPSS
Exploits: 0, References: 6
Cvelist
added 2025/08/05 12:5 a.m., 8 views

CVE-2025-54804 Russh is missing an overflow check during channel windows adjust

Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an...

6.5 CVSS, 0.00365 EPSS
Exploits: 1, References: 2
CNNVD
added 2025/07/10 12:0 a.m., 3 views

ID withdrawn

Both libsoup and GNOME are products of the GNOME project. libsoup is an HTTP client/server library for GNOME. GNOME is a set of purely free computer software. It is used to provide a graphical desktop environment. This CVE number has been withdrawn...

6.6 AI score
Exploits: 0, References: 3