9469 matches found
CVE-2026-45305
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser::cleanup used regular expressions with overlapping quantifiers for YAML directive, comment, and document marker cleanup,...
CVE-2026-45305 Symfony: YAML Parser ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser::cleanup used regular expressions with overlapping quantifiers for YAML directive, comment, and document marker cleanup,...
CVE-2026-45305
Summary of CVE-2026-45305 (Symfony YAML Parser ReDoS) Symfony’s YAML handling (Symfony\Component\Yaml\Parser::cleanup) can hang parsing crafted input due to the use of overlapping quantifiers in regular expressions for YAML directive, comment, and document marker cleanup. This is a client-side pa...
Malicious code in @akshajrawat/plugin-repo-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 596ef9a9a6888c00110ee80e3633052ed89887a8465e9a5eaa824a81e5211e46 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in abuden216 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 136d8dabbba25b7fb10fa921d1eafe01d4f6710465dfc33ad213f02043973b49 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in ishowfeet13 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20bca534c9132e075eb12129f9986f32127805ef4e81a801de877aaf3a9bda6e The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
CVE-2026-7639
Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code. Triggering failure path in the MMU mapping logic by a malicious code could lead to incomplete...
CVE-2026-41154
CVE-2026-41154 : The issue affects the GPU DDK in the CMA Cleanup Path of AllocOSPages_Sparse. When indexing pages larger than 4kB in the sparse memory page-freeing logic, an incorrect buffer indexing leads to out-of-bounds (OOB) reads/writes in kernel memory, exposed to software running as a non...
podman security, bug fix, and enhancement update
An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of...
MiracleLinux 8 : container-tools:rhel8 (AXSA:2026-1242:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-1242:01 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE:...
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-2595)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Input: alps - fix use-after-free bugs caused by dev3registerworkCVE-2025-68822 ext4: reject mount if bigalloc with sfirstdatablock !=...
ALPINE-CVE-2026-23556
When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota...
CVE-2026-23556
When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota...
Malicious code in mchain-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5249b7e6ec4cba8f4a3b2d332ec69069c1ca39eabec04a1372500ea25952280 package.json declares a postinstall hook node./src/core/index.js. That module immediately runs a top-level async IIFE that base64-decodes a URL store...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net/tls: The use-after-free issue in the -EBUSY error handling path of tlsdoencryption has been fixed. The -EBUSY handling in tlsdoencryption, introduced with commit 859054147318 “net: tls: handle backlogging of crypto requests”,...
Malicious code in clavue-agent-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 399c0d2f1fabfa46b35810b70797862a0fd469076fa9496549237ab413ccada2 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
CVE-2026-10536
A flaw was found in libcurl. This use-after-free vulnerability occurs when an application configures an HTTP/2 stream-dependency tree and then performs a sequence of operations involving curleasyreset and curleasycleanup. During the final cleanup, libcurl attempts to access memory that has alread...
kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup
A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackhelper. When a connection tracking helper is unregistered, its associated expectations are not properly cleaned up. This oversight can lead to a use-after-free vulnerability, where the system attempts t...
CVE-2026-6101
The CVE-2026-6101 entry affects the AMP for WP – Accelerated Mobile Pages WordPress plugin (versions up to and including 1.1.12). The vulnerability arises from unsafe ZIP extraction in ampforwp_save_local_font() plus inadequate cleanup that omits removal of nested directories/files, enabling auth...
MAL-2026-6949 Malicious code in vps-adapter-core (npm)
The package 'vps-adapter-core' is a purpose-built malware package published by the npm account 'srm0rgan' [email protected] as part of a coordinated campaign of fake 'Paperclip' VPS-maintenance adapters siblings: paperclip2, vps-maintenance, vps-maintenance-paperclip-adapter, paperclip-host-util...