47299 matches found
SUSE CVE-2026-11655
Integer overflow in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
PT-2026-48362
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the...
PT-2026-48414
Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify...
CVE-2026-8913
A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when...
CVE-2026-39910
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...
EUVD-2026-35455
A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper traffic between the router and the Internet, to execute code on the device...
MAL-2026-5405 Malicious code in comos-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee12368f5942eae69ed49370445277dace5431f4ded5556b51dcd1ef34bd4b4a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-9211 Certain NETGEAR routers allow unauthenticated users to gain control of the router
An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation...
MAL-2026-5384 Malicious code in enquriers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17ff0053c1f18c2d4e2e555119e16463f85cfb7f0c564d64d222a80a84763639 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @doaction/types (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4092c28082abff16427aa0e246a327796294411786dae585fb4ab3114ad6504f @doaction/[email protected] is a dependency-confusion lure targeting an internal @doaction scope. The package.json declares "version": "99.99.99" and pi...
Malicious code in @doaction/signalhub (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7bca1eff18553fad58ccd2097810887a61afc717b44a657c6674bfa7317bb41 @doaction/[email protected] is shaped as a dependency-confusion attack against organizations using a private @doaction scope. package.json declares...
MAL-2026-5374 Malicious code in @doaction/mapstore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9692028d96015eee60ce05d38eac9bf0c6e51dd2153cea37cad4756e3b4b3de9 @doaction/[email protected] is published to the public npm registry under a sentinel-high version 99.99.99 with a pinned @doaction/shared: ^99.99.99...
MAL-2026-5373 Malicious code in @doaction/http (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0558fc0fe6ab95434c0f041b1ed88e02039379e9052dbfd3e0faf35a8e8d5d5f Package version 9.9.9 is the canonical version-pinning marker used to outrank any private package during npm dependency resolution. The package...
Malicious code in @doaction/pay (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94ec95e460ba16497749775ca5e0bac92e4013e2297dd506bb2b99254acffaf3 @doaction/pay 9.9.9 declares "preinstall": "node scripts/postinstall.js" in package.json, which requires @doaction/shared/bin/postinstall.js and runs...
MAL-2026-5372 Malicious code in @doaction/examples (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 361bc047872fceb7885c47404eef734b43ce8e5e7f13554e79d011be6f383339 @doaction/[email protected] declares preinstall: node scripts/postinstall.js in package.json, which requires @doaction/shared/bin/postinstall.js. The...
MAL-2026-5381 Malicious code in @doaction/systeminformation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d2fd59d1828036e5c2cc49573fe68220054d50c3d41e0782735809a4c05ac45 Package name @doaction/systeminformation impersonates the widely-used systeminformation npm package and is published at suspiciously inflated version...
MAL-2026-5379 Malicious code in @doaction/storage (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2555ac1fb49d2dac0108e398a6acffa2bffa1a86326db5fa384ed1232fdab89 Package @doaction/[email protected] is shaped as a dependency-confusion attack against the private-looking @doaction scope. The 99.99.99 sentinel...
Malicious code in @doaction/examples (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 361bc047872fceb7885c47404eef734b43ce8e5e7f13554e79d011be6f383339 @doaction/[email protected] declares preinstall: node scripts/postinstall.js in package.json, which requires @doaction/shared/bin/postinstall.js. The...
Malicious code in @doaction/shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector caba10985bd532eb067af52e175856a72552c9b9306895ea9fba9c1083277248 @doaction/[email protected] is a dependency-confusion lure that exfiltrates installer environment metadata on every npm install. package.json declares...
MAL-2026-5370 Malicious code in @doaction/eventemitter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5221b351f74900764906fd20a62e5c3f390473ed87a1d4fb781e34d3ffd2f623 On npm install, package.json declares "preinstall": "node scripts/postinstall.js", and scripts/preinstall.js unconditionally executes...