EUVD-2026-3501

Malicious code in webmd-debug npm...

MAL-2026-373 Malicious code in webmd-debug (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5693e1af021faa1bcf410e9bdf757b9deebbae4505daa969275ef365e719227 The package webmd-debug was found to contain malicious code. Source: ghsa-malware b74e0fa5da459a8e2a346f0ad74dcf61ebdf972a7840b7f61292e46ea5aa58db An...

Malicious code in webmd-debug (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5693e1af021faa1bcf410e9bdf757b9deebbae4505daa969275ef365e719227 The package webmd-debug was found to contain malicious code. Source: ghsa-malware b74e0fa5da459a8e2a346f0ad74dcf61ebdf972a7840b7f61292e46ea5aa58db An...

Malicious Package

Overview webmd-debug is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

PT-2026-3740

Impact Fleet’s debug/pprof endpoints are accessible to any authenticated user regardless of role, including the lowest-privilege “Observer” role. This allows low-privilege users to access sensitive server internals, including runtime profiling data and in-memory application state, and to trigger...

PT-2026-3749

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.53.3 Fleet versions 4.53.3 through 4.75.2 Fleet versions 4.75.2 through 4.76.2 Fleet versions 4.76.2 through 4.77.1 Fleet versions 4.77.1 through 4.78.3 Description Fleet, an open source device management software, ha...

ROS-20260119-7362

A vulnerability in the orangefsdebugwrite function of the fs/orangefs/orangefs-debugfs.c component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, as...

SUSE CVE-2017-18896

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint...

SUSE CVE-2025-71102

In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004314)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004314 advisory. A flaw was found in the Linux kernel in the function hiddebugeventsread in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters pass...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004329)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004329 advisory. In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with...

MiracleLinux 4 : gdb-7.2-60.AXS4 (AXSA:2013-121:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-121:01 advisory. GDB, the GNU debugger, allows you to debug programs written in C, C++, Java, and other languages, by executing them in a controlled fashion and printing their...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003954)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003954 advisory. A flaw was found in the Linux kernel in the function hiddebugeventsread in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters pass...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003732)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003732 advisory. In hiddebugeventsread of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001195)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001195 advisory. A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual SDM was mishandled in the development of some or all...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003702)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003702 advisory. In hiddebugeventsread of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002130)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002130 advisory. The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service host OS panic or hang by...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003536)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003536 advisory. A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual SDM was mishandled in the development of some or all...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003017)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003017 advisory. The hidmachanstats function in drivers/dma/qcom/hidmadbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading callback...

Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control C2 nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times,...