Low: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: kubernetes1.35: kubernetes1.35-1.35.6-1.hum1 aarch64, x8664 kubernetes1.35-client-1.35.6-1.hum1 aarch64, x8664 kubernetes1.35-kubeadm-1.35.6-1.hum1 aarch64, x8664...

Low: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: syft: syft-1.45.1-0.1.hum1 aarch64, x8664 syft-1.45.1-0.1.hum1.src src...

Astra Linux - уязвимость в dpkg

In dpkg, the Debian package management system, versions prior to 1.21.8, 1.20.10, 1.19.8, and 1.18.26 are vulnerable to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include debian.tar, the in-place extraction process may...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: caddy: caddy-2.11.3-0.1.hum1 aarch64, x8664 caddy-2.11.3-0.1.hum1.src src...

Important: kernel-livepatch-6.12.77-99.140

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: gnutls: gnutls-3.8.13-1.hum1 aarch64, x8664 gnutls-c++-3.8.13-1.hum1 aarch64, x8664 gnutls-dane-3.8.13-1.hum1 aarch64, x8664 gnutls-devel-3.8.13-1.hum1 aarch64, x8664 gnutls-fips-3.8.13-1.hum1...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: qt6: qt6-filesystem-6.11.0-1.hum1 aarch64, x8664 qt6-rpm-macros-6.11.0-1.hum1 noarch qt6-srpm-macros-6.11.0-1.hum1 noarch qt6-6.11.0-1.hum1.src src...

Important: python3.11

Issue Overview: The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open. CVE-2026-4519 Affected Packages:...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: xz: xz-5.8.3-1.1.hum1 aarch64, x8664 xz-devel-5.8.3-1.1.hum1 aarch64, x8664 xz-libs-5.8.3-1.1.hum1 aarch64, x8664 xz-lzma-compat-5.8.3-1.1.hum1 aarch64, x8664 xz-static-5.8.3-1.1.hum1 aarch64,...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: libcap: captree-2.78-1.1.hum1 aarch64, x8664 libcap-2.78-1.1.hum1 aarch64, x8664 libcap-devel-2.78-1.1.hum1 aarch64, x8664 libcap-static-2.78-1.1.hum1 aarch64, x8664 libcap-2.78-1.1.hum1.src src...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python3.12: python3.12-3.12.13-2.hum1 aarch64, x8664 python3.12-debug-3.12.13-2.hum1 aarch64, x8664 python3.12-devel-3.12.13-2.hum1 aarch64, x8664 python3.12-idle-3.12.13-2.hum1 aarch64, x8664...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python3.13: python3.13-3.13.12-2.hum1 aarch64, x8664 python3.13-debug-3.13.12-2.hum1 aarch64, x8664 python3.13-devel-3.13.12-2.hum1 aarch64, x8664 python3.13-freethreading-3.13.12-2.hum1 aarch64,...

Malicious Package

Overview cline is a malicious package. NPM publishing token for this package was compromised and useb by an unauthorized party to publish version 2.3.0 containing a modified package.json with an added postinstall script "postinstall": "npm install -g openclaw@latest". This causes openclaw an...

1inch-agent-kit (=1.0.53), @0xchain/auth (>=0.0.1 <=1.1.0-beta.18) +4370 more potentially affected by CVE-2026-25639 via axios (>=1.0.0 <=1.13.4)

axios NPM version =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.1-alpha.3, =0.1.6-alpha.11, =1.0.3-rc.0, =2.0.1 - @1tokenfe/hd-ble-sdk =1.1.15 - @1tokenfe/hd-common-connect-sdk =1.1.15 - @1tokenfe/hd-core =1.1.15 and more Source cves: CVE-2026-25639 Source advisory:...

Important: kernel-livepatch-6.1.158-178.288

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: remove never-working support for setting nsh fields CVE-2025-40254 Affected Packages: kernel-livepatch-6.1.158-178.288 Issue Correction: Please ensure you have live patching enabled. Run dnf upda...

Malicious Package

Overview @cda-apps/source is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

EUVD-2025-90449

Malicious code in lina-bubur41-miaww npm...

EUVD-2025-89137

Malicious code in riana-taiwan29-miaww npm...

EUVD-2025-50963

Malicious code in xerothermic-coffee-gorilla npm...

MAL-2025-49318 Malicious code in stark-recurser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54520ff73a8cd962cb9ab3db426b6c93987e6b616edf752e0e5f6f346293af1b The package stark-recurser was found to contain malicious code. Source: ossf-package-analysis...