181 matches found
Malicious code in conduit-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81f9fa8b0c32901fb4a4b9bf52e4be69edec177320aea16a45dd777f792a8880 The package conduit-core was found to contain malicious code...
MAL-2026-1697 Malicious code in conduit-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81f9fa8b0c32901fb4a4b9bf52e4be69edec177320aea16a45dd777f792a8880 The package conduit-core was found to contain malicious code...
Malicious code in conduit-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7f95b03bc8b7d9992089476c92239b5de48ab75b1d3c1d13e9b231dcc79a52 The package conduit-utils was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-985 Malicious code in conduit-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9f633d16f7a0d621de3ff6221f99ffbc77f942c409d0d2adfbe58307211688bf The OpenSSF Package Analysis project identified 'conduit-utils' @ 2.95.0 npm as malicious. It is considered malicious because: - The package...
CVE-2026-24471
continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room rejecting an invite, joining a room or knocking on a room, the...
CVE-2026-24471
The CVE-2026-24471 issue affects Continuwuity and Conduit-derived servers (Continuwuity, Conduit, Grapevine, Tuwunel). A malicious remote server can induce the victim to sign an arbitrary event during user interactions such as leaving a room, joining a room, or knocking on a room, by requesting a...
CVE-2026-24471 Improper Validation in Conduit-derived homeservers resulting in Unintended Proxy or Intermediary ('Confused Deputy')
continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room rejecting an invite, joining a room or knocking on a room, the...
CVE-2026-24471 Improper Validation in Conduit-derived homeservers resulting in Unintended Proxy or Intermediary ('Confused Deputy')
continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room rejecting an invite, joining a room or knocking on a room, the...
CVE-2026-24471
continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room rejecting an invite, joining a room or knocking on a room, the...
SUSE CVE-2025-71152
In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense...
AZL-78428 CVE-2025-71152 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense...
AZL-77319 CVE-2025-71152 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense...
CVE-2025-71152
In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense...
UBUNTU-CVE-2025-71152
In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense...
CVE-2025-71152
In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense...
CVE-2025-71152 net: dsa: properly keep track of conduit reference
In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense...
CVE-2025-71152
In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense...
CVE-2025-71152 net: dsa: properly keep track of conduit reference
In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense...
CVE-2025-71152
In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense...
CVE-2025-71152
CVE-2025-71152 is a vulnerability reported in the Linux kernel and appears in multiple OS advisories. Connected entries indicate patches for Root Linux (rootio-linux) across Debian 11/12/13 variants, and additional OSV records show Debian-based and Chainguard advisories patching Root packages. Pu...