125 matches found

OSV
added 2026/05/20 8:34 a.m., 13 views

MAL-2026-4647 Malicious code in prjct-cli (npm)

Source: amazon-inspector 72b60bff5e0e18ecdc993dc505651612acba538fd6c5e46c4ea69619c453f8f9. On npm install, scripts/postinstall.js invokes scripts/ensure-bun.sh, which runs curl -fsSL https://bun.sh/install | bash with no version pin and no...

AI score 6.3
Exploits: 0, References: 1
Positive Technologies
added 2026/05/20 12:00 a.m., 11 views

PT-2026-42204

Name of the Vulnerable Software and Affected Versions: RTK versions prior to 0.32.0. Description: RTK (Rust Token Killer) improperly trusts project-local configuration files by automatically loading .rtk/filters.toml from the working directory with the highest priority and without notifying the user...

CVSS 6.9, AI score 5.9, EPSS 0.00078
Exploits: 0, References: 10
Veracode
added 2026/05/16 6:40 a.m., 36 views

LFS Object Overwrite

Gogs is vulnerable to LFS object overwrite. The vulnerability is due to overwritable LFS objects across different repositories, where attackers can manipulate the uploaded file (for example, by injecting a backdoor), and Gogs does not verify uploaded LFS file content against its claimed SHA-256...

CVSS 9.3, AI score 7.1, EPSS 0.00327
Exploits: 1, References: 4, Affected Software: 1
OSSF Malicious Packages
added 2026/05/14 7:24 p.m., 12 views

Malicious code in npmjs_web3-util (npm)

Source: amazon-inspector 263a0126b20b1d58bc0528a4b7bea19027b94383e00b5b9f03b712d96be89ca7. The package's postinstall lifecycle hook downloads a script from a personal GitHub Gist...

AI score 5.5
Exploits: 0, References: 2
NVD
added 2026/05/11 4:17 p.m., 18 views

CVE-2026-7818

Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...

CVSS 7.8, EPSS 0.00131
Exploits: 0, References: 1
CVE
added 2026/05/05 7:34 p.m., 18 views

CVE-2026-34596

Sandboxie-Plus (Windows) prior to v1.17.3 contains a TOCTOU race during addon installation. UpdUtil.exe runs as SYSTEM via SandBoxieSvc, stages updater files in %TEMP%\sandboxie-updater, verifies hashes against the addon manifest, then extracts files.cab and runs config.exe. An unprivileged user ...

CVSS 7, AI score 5.7, EPSS 0.00106
Exploits: 1, References: 1, Affected Software: 1
EUVD
added 2026/05/05 7:34 p.m., 7 views

EUVD-2026-27468

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use (TOCTOU) race condition exists during addon installation. When a user installs an addon through the SandMan interface, UpdUtil.exe is spawned as SYSTEM by...

CVSS 5.4, AI score 5.7, EPSS 0.00106
Exploits: 1, References: 1
Positive Technologies
added 2026/05/05 12:00 a.m., 8 views

PT-2026-37231

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use (TOCTOU) race condition exists during addon installation. When a user installs an addon through the SandMan interface, UpdUtil.exe is spawned as SYSTEM by...

CVSS 5.4, AI score 5.7, EPSS 0.00106
Exploits: 1, References: 2
CNNVD
added 2026/05/05 12:00 a.m., 11 views

Sandboxie Plus security vulnerability

Sandboxie Plus is an open-source Windows sandboxing tool developed by Sandboxie Plus. Versions of Sandboxie Plus prior to 1.17.2 contained a security vulnerability caused by a TOCTOU race condition during the plugin installation process. This vulnerability could allow non-privileged...

CVSS 7, AI score 5.9, EPSS 0.00106
Exploits: 1, References: 2
SUSE CVE
added 2026/05/02 1:25 a.m., 11 views

SUSE CVE-2026-31719

In the Linux kernel, the following vulnerability has been resolved: crypto: krb5enc - fix async decrypt skipping hash verification. krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher completes asynchronously, this...

CVSS 7.5, AI score 5.7, EPSS 0.00294
Exploits: 0, References: 3
Tenable Nessus
added 2026/05/02 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-31719

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: krb5enc - fix async decrypt skipping hash verification. krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher callback, which is the caller's own...

CVSS 7.5, AI score 7, EPSS 0.00294
Exploits: 0, References: 3
RedhatCVE
added 2026/05/01 8:39 p.m., 8 views

CVE-2026-31719

A flaw was found in the krb5enc module of the Linux kernel's crypto subsystem. When performing asynchronous decryption, the krb5enc_dispatch_decrypt() function incorrectly bypasses the integrity verification hash check. This issue occurs because the skcipher completion handler signals completion...

CVSS 7.5, AI score 5.8, EPSS 0.00294
Exploits: 0, References: 4
Cvelist
added 2026/05/01 1:56 p.m., 29 views

CVE-2026-31719 crypto: krb5enc - fix async decrypt skipping hash verification

In the Linux kernel, the following vulnerability has been resolved: crypto: krb5enc - fix async decrypt skipping hash verification. krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher completes asynchronously, this...

CVSS 7.5, EPSS 0.00294
Exploits: 0, References: 3
ATTACKERKB
added 2026/05/01 1:56 p.m., 2 views

CVE-2026-31719

In the Linux kernel, the following vulnerability has been resolved: crypto: krb5enc - fix async decrypt skipping hash verification. krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher completes asynchronously, this...

AI score 5.7, EPSS 0.00294
Exploits: 0, References: 4, Affected Software: 1
EUVD
added 2026/05/01 1:56 p.m., 11 views

EUVD-2026-26528

In the Linux kernel, the following vulnerability has been resolved: crypto: krb5enc - fix async decrypt skipping hash verification. krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher completes asynchronously, this...

AI score 5.7, EPSS 0.00294
Exploits: 0, References: 3
CVE
added 2026/05/01 1:56 p.m., 21 views

CVE-2026-31719

CVE-2026-31719 concerns the Linux kernel crypto/krb5enc async decrypt path, where the skcipher completion could bypass the hash verification and thus the integrity check. The root cause is krb5enc_dispatch_decrypt() signaling completion without invoking krb5enc_dispatch_decrypt_hash(). The fix adds...

CVSS 7.5, AI score 5.7, EPSS 0.00294
Exploits: 0, References: 3, Affected Software: 1
CNNVD
added 2026/05/01 12:00 a.m., 9 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from asynchronous decryption in krb5enc skipping hash verification, potentially allowing for...

CVSS 7.5, AI score 5.8, EPSS 0.00294
Exploits: 0, References: 1
Positive Technologies
added 2026/05/01 12:00 a.m., 10 views

PT-2026-36349

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw in the krb5enc dispatch decrypt function allows asynchronous decryption to bypass integrity verification. The function sets the caller's completion handler as the callback, which...

CVSS 9.8, AI score 5.8, EPSS 0.93235
Exploits: 31, References: 289
OSV
added 2026/04/21 6:24 p.m., 5 views

GHSA-R65V-XGWC-G56J OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)

Summary: ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. An attacker who controls or compromises the OCI registry referenced in the victim's...

CVSS 3.1, AI score 5.8, EPSS 0.00218
Exploits: 1, References: 6
Github Security Blog
added 2026/04/21 6:24 p.m., 9 views

OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)

Summary: ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. An attacker who controls or compromises the OCI registry referenced in the victim's...

CVSS 6.5, AI score 5.8, EPSS 0.00218
Exploits: 1, References: 6, Affected Software: 1