Security Bulletin: Multiple vulnerabilties in IBM Rational Functional Tester / DevOps Test UI

Summary Multiple vulnerabilities addressed in DevOps Test UI in version 11.0.8 Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause Loda...

CVE-2025-71316

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being...

CVE-2025-69755

An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the atcommand.asp interface...

CVE-2026-10796

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

CVE-2025-67447

The network diagnosis ping module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address field before passing it to the system's ping command. An attacker can inject arbitrary OS commands,...

Nhost CLI local configserver allows cross-origin unauthenticated read/write access to local development configuration and secrets

Summary The hidden nhost configserver used by nhost dev exposes the Mimir GraphQL API with dummy authorization directives and permissive CORS. When a developer is running the local development environment, any process that can reach the developer's localhost service, including a web page loaded...

Klever-Go P2P MultiDataInterceptor leaks global throttler slots on malformed compressed batches (DoS)

Publisher note Fixed in v1.7.17. Operators running v1.7.17 should upgrade. The decompression-error path in MultiDataInterceptor.ProcessReceivedMessage now releases the global throttler slot before returning guarded defer after StartProcessing, disabled when the asynchronous goroutine takes...

CVE-2025-71316

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being...

CVE-2025-71316

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being...

CVE-2025-71316 SQLite sqldiff remote code execution via argument injection

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being...

CVE-2026-10796 nvm executes commands from a malicious Node.js mirror's version strings

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

CVE-2026-10796 nvm executes commands from a malicious Node.js mirror's version strings

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

EUVD-2026-34303

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

CVE-2026-10796

Vulnerability summary (CVE-2026-10796) : nvm (Node Version Manager)

CVE-2026-10796

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands that use Kafka are vulnerable to loss of confidentiality (CVE-2025-27817, CVE-2025-27818)

Summary Apache Kafka Client is used by IBM App Connect Enterprise Certified Container when running flows that connect to a Kafka server. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use Kafka Client are vulnerable to loss of confidentiality...

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 25, 2026 to May 31, 2026)

Last week, there were 277 vulnerabilities disclosed in 184 WordPress Plugins and 70 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 94 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

SmartMES-Range

SmartMES Attack-Defense Drill Site The Smart Manufacturing En...

CVE-2026-8037

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts breaking real systems...