CVE-2026-45311
CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the runtests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build...
Security Bulletin: Rational Test Automation Server is vulnerable to request smuggling using CRLF injection due to netty-codec-http (CVE-2025-67735)
Summary Due to use of netty-codec-http, Rational Test Automation Server and IBM DevOps Test Hub contain a CRLF injection based request smuggling vulnerability CVE-2025-67735. The netty-codec-http java library is used for asynchronous HTTP handling capabilities. Vulnerability Details...
com.braimanm:uitaf (>=3.0.0 <=3.2.3), com.braimanm:uitaf-playwright (>=1.0.0-alpha <=1.0.1-alpha) +7 more potentially affected by CVE-2026-33166 via io.qameta.allure:allure-generator (>=2.10.0 <=2.37.0)
io.qameta.allure:allure-generator MAVEN version =2.10.0, =3.0.0, =1.0.0-alpha, =1.1.0, =0.1.17, =0.1.17, =1.0-RC1, =2.10.0, =2.37.0 - org.uitaf:uitaf-playwright =1.0.1 Source cves: CVE-2026-33166 Source advisory: OSV:GHSA-64HM-GFWQ-JPPW...
[SECURITY] Fedora 43 Update: openqa-5^20260126git19189f0-1.fc43
openQA is a testing framework that allows you to test GUI applications on one hand and bootloader and kernel on the other. In both cases, it is difficult to script tests and verify the output. Output can be a popup window or it can be an error in early boot even before init is executed. openQA is...
CVE-2023-25822
ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the com.epam.reportportal:service-api module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1...
CVE-2023-4467
A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been...
EUVD-2023-54322
Malicious code in bioql PyPI...
EUVD-2023-2774
Malicious code in bioql PyPI...
MAL-2025-37603 Malicious code in ui_test_automation (npm)
The package uitestautomation was found to contain malicious code...
Malicious code in dynatrace-test-automation (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74e3306bb8dffcb52855ae4c1db02c52669e3f7aa823b0baf1c10f781b90ab77 Any computer that has this package installed or running should be considered...
MAL-2025-5317 Malicious code in dynatrace-test-automation (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74e3306bb8dffcb52855ae4c1db02c52669e3f7aa823b0baf1c10f781b90ab77 Any computer that has this package installed or running should be considered...
Navigating the Growing Field of Research on AI for Software Testing
In industry, software testing is the primary method to verify and validate the functionality, performance, security, usability, and so on, of software-based systems. Test automation has gained increasing attention in industry over the last decade, following decades of intense research into test...
Malicious code in test-automation-testing (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f06e180b42b483251e9be9757c11456faac61b034b2b3c0cb72e20162987c156 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Design/Logic Flaw
A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been...
CVE-2023-4467 Poly Trio 8800 Test Automation Mode backdoor
A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been...
CVE-2023-4467
CVE-2023-4467 affects Poly Trio 8800, version 7.2.6.0019, in the Test Automation Mode component. Multiple sources describe a backdoor that can be triggered on the physical device, with the exploit publicly disclosed. Red Hat and CVE listings corroborate the issue, and a PoC/exploit for Telnet/roo...
Poly Trio Security Breach
Poly Trio is a Trio series business conference phone from Poly USA. A security vulnerability exists in Poly Trio 8800 version 7.2.6.0019, which stems from a security flaw in the Test Automation Mode component...
PT-2023-8564 · Poly · Poly Trio 8800
Name of the Vulnerable Software and Affected Versions: Poly Trio 8800 version 7.2.6.0019 Description: A critical issue was found in the Test Automation Mode component of the Poly Trio 8800, which can be manipulated to create a backdoor. The attack can be launched on the physical device...