Research

• npm:autotel-backends — Critical npm package 'autotel-backends' v2.12.26 compromises host systems (High)
• npm:autotel-cli — Critical npm package 'autotel-cli' v0.8.14 compromises host systems (High)
• CVE-2026-20230 — Cisco Unified CM SSRF: Critical RCE Risk, Actively Exploited in the Wild (Critical)
• CVE-2026-12569 — PTC Windchill/FlexPLM: Unauthenticated RCE via Input Validation Flaw (KEV) (High)
• CVE-2026-48558 — SimpleHelp OIDC Auth Bypass: Forged Tokens Grant Full Technician Access (High)
• npm:velocityfix — Critical: Malicious 'velocityfix' npm package compromises systems (Critical)
• npm:hunsterx-package — Critical Supply-Chain Alert: Malicious 'hunsterx-package' in npm Ecosystem (High)
• CVE-2024-3094 — Critical XZ Utils Backdoor: Pre-Auth RCE in Internet-Facing Systems (Critical)