162 matches found

The Hacker News
added 2026/05/18 11:23 a.m. · 6 views

Developer Workstations Are Now Part of the Software Supply Chain

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer...

6 AI score
Exploits: 0

OSV
added 2026/03/05 10:16 p.m. · 0 views

CVE-2026-28466

OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to sanitize internal approval fields in node.invoke parameters, allowing authenticated clients to bypass exec approval gating for system.run commands. Attackers with valid gateway credentials can inject...

9.9 CVSS · 6.1 AI score
Exploits: 0 · References: 6

RedhatCVE
added 2026/01/09 10:27 a.m. · 4 views

CVE-2008-7320

GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision...

6.8 CVSS · 6.6 AI score · 0.00038 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/12/03 10:2 p.m. · 2 views

CVE-2025-64642

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries...

8 CVSS · 6.9 AI score · 0.0002 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2011-4595

Malware in sbrugna...

7.5 CVSS · 6.4 AI score · 0.00518 EPSS
Exploits: 0 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2019-16071

Malware in sbrugna...

4.1 CVSS · 4.7 AI score · 0.00324 EPSS
Exploits: 0 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2012-1824

Malware in sbrugna...

4.3 CVSS · 6.4 AI score · 0.00567 EPSS
Exploits: 0 · References: 5

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-40426

Malicious code in bioql PyPI...

8 CVSS · 6.6 AI score · 0.03086 EPSS
Exploits: 0 · References: 1

Microsoft CVE
added 2025/09/04 5:6 a.m. · 1 views

platform/x86: think-lmi: Fix password opcode ordering for workstations

...

7.8 CVSS · 7 AI score · 0.00012 EPSS
Exploits: 0

Positive Technologies
added 2025/07/23 12:0 a.m. · 2 views

PT-2025-30572 · Microsoft +1 · Windows +2

Name of the Vulnerable Software and Affected Versions: Imprivata Enterprise Access Management versions 5.3 through 24.2. Description: A flaw in Imprivata Enterprise Access Management (formerly Imprivata OneSign) allows bypassing the login screen on shared kiosk workstations, potentially granting...

7 CVSS · 6.3 AI score · 0.00147 EPSS
Exploits: 0 · References: 4

Tenable Nessus
added 2025/03/05 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-26836

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

- platform/x86: think-lmi: Fix password opcode ordering for workstations. The Lenovo workstations require the password opcode to be run before the attribute value ...

7.8 CVSS · 5.6 AI score · 0.00012 EPSS
Exploits: 0 · References: 3

RedhatCVE
added 2025/02/05 12:41 p.m. · 4 views

CVE-2024-43690

Inclusion of Functionality from Untrusted Control Sphere (CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects: Command Centre Server and Command Centre Workstations 9.10 prior to vEL9.10.1530 MR2, 9.00 prior to...

8 CVSS · 7.5 AI score · 0.03086 EPSS
Exploits: 0

OSV
added 2024/09/11 3:15 p.m. · 0 views

CVE-2024-8306

CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries...

7.8 CVSS · 5.8 AI score
Exploits: 0 · References: 1

NVD
added 2024/09/11 5:15 a.m. · 11 views

CVE-2024-43690

Inclusion of Functionality from Untrusted Control Sphere (CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects: Command Centre Server and Command Centre Workstations 9.10 prior to vEL9.10.1530 MR2, 9.00 prior to...

8 CVSS · 0.03086 EPSS
Exploits: 0 · References: 1

CVE
added 2024/09/11 4:4 a.m. · 43 views

CVE-2024-43690

CVE-2024-43690 describes that Gallagher Command Centre Server and Command Centre Workstations are affected by CWE-829 due to the inclusion of functionality from an untrusted control sphere, which may allow an attacker to perform Remote Code Execution (RCE). Affected products/versions include: Com...

8 CVSS · 7.6 AI score · 0.03086 EPSS
Exploits: 0 · References: 1

Cvelist
added 2024/09/11 4:4 a.m. · 20 views

CVE-2024-43690

Inclusion of Functionality from Untrusted Control Sphere (CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects: Command Centre Server and Command Centre Workstations 9.10 prior to vEL9.10.1530 MR2, 9.00 prior to...

8 CVSS · 0.03086 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2024/09/11 4:4 a.m. · 8 views

CVE-2024-43690

Inclusion of Functionality from Untrusted Control Sphere (CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects: Command Centre Server and Command Centre Workstations 9.10 prior to vEL9.10.1530 MR2, 9.00 prior to...

8 CVSS · 7.6 AI score · 0.03086 EPSS
Exploits: 0 · References: 1

IBM Security Bulletins
added 2024/05/28 7:54 p.m. · 13 views

Security Bulletin: WebSphere Application Server Liberty is vulnerable to denial of service (CVE-2023-38737)

Summary: IBM Spectrum Protect for Workstations Central Administration Console requires the dependent product IBM WebSphere Application Server Liberty. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Refer to t...

7.5 CVSS · 6.2 AI score · 0.00054 EPSS
Exploits: 0 · Affected Software: 1

Gentoo Linux
added 2024/05/05 12:0 a.m. · 13 views

borgmatic: Shell Injection

Background: borgmatic is simple, configuration-driven backup software for servers and workstations. Description: Prevent shell injection attacks within the PostgreSQL hook, the MongoDB hook, the SQLite hook, the "borgmatic borg" action, and command hook variable/constant interpolation. Impact: Shell...

8.3 AI score
Exploits: 0

SUSE CVE
added 2024/04/18 2:30 a.m. · 2 views

SUSE CVE-2024-26836

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix password opcode ordering for workstations. The Lenovo workstations require the password opcode to be run before the attribute value is changed if Admin password is enabled. Tested on some Thinkpads to...

4.3 CVSS · 6.5 AI score · 0.00012 EPSS
Exploits: 0 · References: 11