173 matches found
MAL-2026-1678 Malicious code in chai-conf (npm)
Source: amazon-inspector (e77f30f15e3e699b15abf8ebd6bac4a15f8032d0411ab2b445f056ff0228b844). The package chai-conf was found to contain malicious code...
CVE-2026-1678
creationtimestamp| type| source
---|---|---
2026-03-05 08:01:38+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mgcdgcbjuk2s
2026-03-27 19:32:18+00:00| seen| https://bsky.app/profile/jtk.infosec.exchange.ap.brid.gy/post/3mi2ubik7ytm2...
CVE-2026-1678
dns_unpack_name caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds wri...
CVE-2026-1678 dns: memory‑safety issue in the DNS name parser
dns_unpack_name caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds wri...
EUVD-2009-4323
Malicious code in bioql (PyPI)...
Linux Distros Unpatched Vulnerability : CVE-2013-1678
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before...
Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1678)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
CVE-2024-1678
The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post...
CVE-2024-1678
The connected sources confirm CVE-2024-1678 affects the Subway – Private Site Option WordPress plugin and enables Sensitive Information Exposure via the REST API in all versions up to 2.1.4. The vulnerability allows unauthenticated attackers to bypass the plugin’s private-site feature and access ...
WordPress Subway – Private Site Option Plugin <= 2.1.4 is vulnerable to Sensitive Data Exposure
Software: Subway – Private Site Option
Type: Plugin
Vulnerable versions: <= 2.1.4
Fixed in: N/A
OWASP Top 10: A1: Broken Access Control
Classification: Sensitive Data Exposure
CVE: CVE-2024-1678
Patch priority: Low
CVSS severity: Low (5.3)
PSID: 2690fc946af0
Credits: Francesco Carlucc...
Rocky Linux 8 : perl (RLSA-2021:1678)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1678 advisory. - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...
SUSE: Security Advisory (SUSE-SU-2023:1678-1)
The remote host is missing an update for the...
CVE-2023-1678
creationtimestamp| type| source
---|---|---
2023-03-29 02:14:52+00:00| seen| https://t.me/cibsecurity/60987...
CVE-2023-1678
CVE-2023-1678 affects DriverGenius 9.70.0.346 via the IOCTL Handler, specifically the library function 0x9C40A0D8/0x9C40A0DC/0x9C40A0E0 in mydrivers64.sys, causing memory corruption. The vulnerability is exploitable with a local attack; exploit has been disclosed publicly. Several connected sourc...
K15405: OpenSSL 0.9.8l vulnerability CVE-2009-4355
Security Advisory Description: Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the...
SUSE CVE-2006-1678
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory...
Amazon Linux AMI : java-1.8.0-openjdk, java-1.8.0-openjdk-demo, java-1.8.0-openjdk-devel (ALAS-2023-1678)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1678 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf,...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-2348)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-1969)
The remote host is missing an update for the Huawei EulerOS...
CVE-2022-1678
creationtimestamp| type| source
---|---|---
2022-05-25 18:38:17+00:00| seen| https://t.me/cibsecurity/43338...