Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.3-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-26007

Summary IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.3-cp311-abi3-manylinux234x8664.whl which is vulnerable to CVE-2026-26007 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-26007...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses minimatch-10.1.2.tgz which is vulnerable to CVE-2026-26996

Summary IBM Maximo Application Suite - Visual Inspection component uses minimatch-10.1.2.tgz which is vulnerable to CVE-2026-26996, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873

Summary IBM Maximo Application Suite - Visual Inspection component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-69873 DESCRIPTION: ajv Another JSON Schema Validat...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses lodash-4.17.23.tgz which is vulnerable to CVE-2026-2950, CVE-2026-4800

Summary IBM Maximo Application Suite - Visual Inspection component uses lodash-4.17.23.tgz which is vulnerable to CVE-2026-2950, CVE-2026-4800, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash...

Astra Linux – Vulnerability in Firefox

If an attacker were able to alter specific about:config values for example, malware running on the user’s computer, the Devtools remote debugging feature might be enabled in a way that is unnoticed by the user. This would allow a remote attacker who can establish a direct network connection to th...

Astra Linux – Vulnerability in RustC

A issue was discovered in the Bidirectional Algorithm in the Unicode Specification through version 14.0. This algorithm allows for the visual reordering of characters through control sequences, which can be used to create source code that implements logic different from the logical order of token...

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick, specifically in the MagickCore/visual-effects.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, including division by zero in mathematics. The greatest threat of this vulnerability is to system...

CLSA-2026-1777455188 vim: Fix of CVE-2022-3520

CVE-2022-3520: fix heap buffer overflow in doput when Visual-block put causes the end-column to underflow to a negative value...

CLSA-2026-1777545655 vim: Fix of 10 CVEs

CVE-2021-3928: in suggesttriewalk only credit a non-word-char boundary with SCORENONWORD when preword is non-empty, so spell suggestions do not read uninitialized memory behind preword. - CVE-2021-3974: in nfaregmatch NFAMARK / NFAMARKGT / NFAMARKLT, save reginput - regline and re-fetch regline...

I Can't Recognize (Yet): Delayed Rendering to Defeat Visual Phishing Detectors

Phishing webpages are continuously polluting the Web. Plenty of countermeasures have been proposed and the most advanced techniques leverage machine-learning methods that infer whether a webpage is benign or not by inspecting its visual representation. Yet, despite the demonstrated effectiveness ...

Exploit for Out-of-bounds Write in Microsoft

CVE-2016-0189 Proof-of-Concept exploit for CVE-2016-0189 VBSc...

CLSA-2026-1777444367 vim: Fix of 9 CVEs

CVE-2021-3903: do not set VALIDBOTLINE in wvalid when the screen is not valid, preventing invalid memory access while scrolling. - CVE-2021-4069: copy the current line before regexec in exopen so the match is not using freed memory when searching for a mark flushes it. - CVE-2022-0351: limit...

CLSA-2026-1777391151 vim: Fix of CVE-2022-3520

CVE-2022-3520: fix heap buffer overflow in doput when Visual-block put causes the end-column to underflow to a negative value...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses torch-2.8.0-cp310-none-macosx_11_0_arm64.whl which is vulnerable to CVE-2026-24747

Summary IBM Maximo Application Suite - Visual Inspection component uses torch-2.8.0-cp310-none-macosx110arm64.whl which is vulnerable to CVE-2026-24747, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-24747 DESCRIPTION:...

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code VS Code extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cloned versions of their legitimate...

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and...

CVE-2026-6781

CVE-2026-6781 is a denial-of-service vulnerability in the Mozilla Firefox/Thunderbird Audio/Video: Playback component. The issue is fixed in Firefox 150 and Thunderbird 150. Affected products are Firefox and Thunderbird; the root cause is described only as a DoS in the playback component, with no...

EUVD-2026-23480

Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment...

CVE-2026-40282 WeGIA has stored XSS in intercorrencia_visualizar.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the Intercorrências notification page, which is executed when user access the the page, enabling sessio...

CVE-2026-33093

Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment...