5 matches found
MAL-2026-5148 Malicious code in @redhat-cloud-services/vulnerabilities-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Security Bulletin: IBM Controller is affected by vulnerabilities
Summary: There are vulnerabilities in IBM® WebSphere Application Server Liberty and Open-Source Software (OSS) components used by IBM Controller. Additionally, IBM Controller is vulnerable to Client-Side Desync (CSD) (CVE-2022-39163). Please refer to the table in the Related Information section for...
CVE-2024-54994
MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the firstname and lastname parameters in the Add a new relationship feature...
CVE-2024-54996
MonicaHQ v4.1.2 contains multiple authenticated Client-Side Injection vulnerabilities in the /people/ID/reminders/create endpoint, exploiting unsanitized title and description parameters. Root cause: input passed to these fields is not properly validated, enabling client-side code execution-like ...
libgadu: Multiple vulnerabilities
Background: libgadu is a library that implements the client side of the Gadu-Gadu protocol. Description: libgadu contains multiple vulnerabilities: X.509 certificates are not properly validated (CVE-2013-4488). An integer overflow error could lead to a buffer overflow (CVE-2013-6487). Malformed responses...