6949 matches found
MAL-2026-3683 Malicious code in @dropout-ai/runtime (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2121b923a39177ed68ce5cf066cbb07891b7cb5d20ecf5ec66f2c953634eff10 On require/import, src/index.js replaces global.fetch with a wrapper that intercepts every fetch whose URL matches openai.com, anthropic.com,...
SAMSUNG System Support Service 安全漏洞
SAMSUNG System Support Service is a support component for Samsung devices provided by the South Korean company Samsung. Versions of SAMSUNG System Support Service prior to 8.0.8.0 contained security vulnerabilities. These vulnerabilities were due to improper permission management, and could allow...
SAMSUNG SMR 安全漏洞
SAMSUNG SMR is a system patch package developed by Samsung Electronics of South Korea. It provides patches for Samsung mobile applications. Versions prior to SAMSUNG SMR May-2026 Release 1 contained security vulnerabilities. These vulnerabilities stemmed from improper export of Android applicatio...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the functions netshapernlgetdoit and netshapernlcapgetdoit. These functions incorrectly call nlmsgfree...
vm2 安全漏洞
vm2 is a high-level virtual machine/sandbox for Node.js developed by Patrik Simek from Czech Republic. It allows for the execution of untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 have security vulnerabilities; these vulnerabilities stem fro...
PT-2026-40572
Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions...
U-SPEED AC1200 安全漏洞
The U-SPEED AC1200 is a Gigabit dual-band Wi-Fi router produced by the U-SPEED company. The U-SPEED AC1200 Gigabit Wi-Fi Router T18-21K V1.0 version has a security vulnerability. This vulnerability stems from improper access control; the UART interface exposed by the device lacks an authenticatio...
GHSA-G76P-4VG5-F4QH llm CLI tool contains a code injection vulnerability via `--functions` command-line argument
The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...
EUVD-2026-29559
The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...
llm CLI tool contains a code injection vulnerability via `--functions` command-line argument
The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...
GHSA-CFPG-C974-JFHQ PySyft server-side arbitrary Python execution after code approval
PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...
PySyft server-side arbitrary Python execution after code approval
PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...
DEBIAN-CVE-2026-31236
The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...
CVE-2026-31236
The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...
CVE-2026-31236
The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...
CVE-2026-31220
PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...
BIT-PHP-MIN-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
BIT-LIBPHP-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
MAL-2026-3562 Malicious code in @uipath/packager-tool-functions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ecd70af63416c44f0ddb62846ccd313a62afda6fb1664a7cc989789cd983a6cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-7287
The CVE affects Zyxel NWA1100-N customized firmware 1.00(AACE.1)C0, specifically the webs binary and its functions formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert(). The root cause is a buffer overflow in these functions, which could allow an attacker to trigger a d...