60 matches found
Malicious code in 6cc (npm)
Source: amazon-inspector 4956159952af1b6af08b70ab219d7827988fae1fd82994f29090a1f2bf299094 index.js executes on require as an IIFE that reassigns console.warn/error and adds console.SL/FB/N to forward arguments via fetch to a hardcoded...
CVE-2026-0930
Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output...
PT-2026-33853
Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output...
MuPDF Security Vulnerability
MuPDF is an open-source software library written in C by MuPDF. It is used to render pages as bitmaps, but it also provides support for other operations such as searching and listing directories and links. MuPDF has a security vulnerability that stems from the failure to clean up PDF...
CVE-2026-25813
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application logs highly sensitive data directly to console output without masking or redaction...
CVE-2026-25813 PlaciPy Exposes Sensitive Data via Application Logs
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application logs highly sensitive data directly to console output without masking or redaction...
CVE-2026-25813
PlaciPy (educational placement system) – Affects version 1.0.0, where sensitive data is logged to console output unmasked. Root cause: logging of highly sensitive data without redaction. Impact: potential exposure of confidential information via console/log streams, with CVSS 4.0/AV:N/AC:L/PR:N/U...
PT-2026-7159
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application logs highly sensitive data directly to console output without masking or redaction...
PlaciPy Log Information Disclosure Vulnerability
PlaciPy is an open-source employment management system developed by Praskla Technology. It aims to simplify the employment processes for students, trainers, and administrators in educational institutions. Version 1.0.0 of PlaciPy contains a vulnerability related to log information leakage. This...
CVE-2026-21439 badkeys vulnerable to ASCII control character injection on console via malformed input
badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line...
GHSA-WJPC-4F29-83H3 badkeys vulnerable to ASCII control character injection on console via malformed input
Impact: An attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line tool. This impacts scanning DKIM keys (both --dkim and --dkim-dns), SSH keys (--ssh-lines mode), and filenames in various...
Improper Neutralization
Overview: badkeys is a package to check cryptographic keys for known weaknesses. Affected versions of this package are vulnerable to Improper Neutralization of ASCII control characters in the badkeys command-line tool. An attacker can manipulate console output to display misleading or deceptive information by...
CVE-2025-68169
In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix deadlock in memory allocation under spinlock. Fix an AA deadlock in refill_skbs() where memory allocation while holding skb_pool->lock can trigger a recursive lock acquisition attempt. The deadlock scenario occurs when the...
JavaWebVulnerabilityScanner
JavaWebVulnerabilityScanner 🔒 Java Web Vulnerability Scanner...
EUVD-2021-1391
Malware in sbrugna...
EUVD-2025-7239
Malicious code in bioql PyPI...
EUVD-2022-4687
Malicious code in bioql PyPI...
Jenkins has a log message injection vulnerability
In Jenkins 2.527 and earlier, LTS 2.516.2 and earlier, the log formatter that prepares log messages for console output including jenkins.log and equivalent does not restrict or transform the characters that can be inserted from user-specified content in log messages. This allows attackers able to...