1147 matches found
CVE-2026-49293
js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written parseBigInt loop that multiplies a BigInt accumulator by the radix once per input digit. Each iteration...
PT-2026-51007
Name of the Vulnerable Software and Affected Versions js-toml versions prior to 1.1.1 Description The software contains a quadratic time complexity issue during the parsing of hexadecimal, octal, and binary integer literals. This occurs because the parseBigInt function uses a loop that performs a...
EEF-CVE-2026-48591 Stored XSS via unescaped HTML attribute values in earmark
Summary Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':\make\att1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal...
Malicious code in vite-config-optimizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f824c077d7d2705d17dc29eba9a24ea8b51b93785bcf83fdfe639fc8f9bc581f package.json declares a postinstall hook node -e "require'./loader.js'" that auto-executes on every npm install. loader.js spawns a detached child No...
MAL-2026-5727 Malicious code in vite-config-optimizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f824c077d7d2705d17dc29eba9a24ea8b51b93785bcf83fdfe639fc8f9bc581f package.json declares a postinstall hook node -e "require'./loader.js'" that auto-executes on every npm install. loader.js spawns a detached child No...
MGASA-2026-0196 Updated erlang-hex_core & erlang-rebar3 packages fix security vulnerability
Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hexcore hexapi modules, hexpm hex mixhexapi modules, erlang rebar3 r3hexapi modules allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl,...
Updated erlang-hex_core & erlang-rebar3 packages fix security vulnerability
Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hexcore hexapi modules, hexpm hex mixhexapi modules, erlang rebar3 r3hexapi modules allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl,...
Malicious Package
Overview hex-type is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in webpack-cache-cycle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82fa37e2478a7109e376e3a062ccb203806511033930eb7390e45fe7ef404b81 On npm install, package.json's postinstall hook runs node -e "require'./loader.js'". loader.js spawns a detached node process that decodes a...
Malicious code in webpack-cache-reset (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fee0027f45dd4846b52b99120af39a0bca88f8693047612e946cd8d816f36e6c On npm install, the package's postinstall hook runs loader.js, which hex-decodes the URL https://jsonkeeper.com/b/INN1F an anonymous JSON paste host,...
CVE-2026-49760 Stack Buffer Overflow in ei_s_print_term at Very Large Integer
Stack-based Buffer Overflow vulnerability in Erlang OTP erlinterface allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erlinterface/src/misc/eiprintterm.c and program routine eisprintterm. The C function eisprintterm uses an internal 2000-character stack...
Erlang/OTP -- stack overflow in ei_s_print_term for very large integer terms
https://github.com/erlang/otp/security/advisories/GHSA-xcxj-5pg2-v72j reports: Fixed a stack overflow in eisprintterm in erlinterface for very large integer terms more than 2000 hexadecimal digits long...
MAL-2026-5416 Malicious code in @klapp-otp/routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9246974efd1a626094dd3f2027df2e8f1468ce45ebcba42e5207a06c5c9e16ee On npm install, this package auto-executes index.js via the preinstall lifecycle hook. The script collects os.hostname, os.userInfo, dirname,...
SUSE CVE-2026-46291
In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hashdigestkey Use printhexdumpdevel for dumping sensitive HMAC key bytes in hashdigestkey to avoid leaking secrets at runtime when CONFIGDYNAMICDEBUG is enabled...
CVE-2026-46291
A flaw was found in the Linux kernel's crypto: caam component. This vulnerability allows for the disclosure of sensitive HMAC Hash-based Message Authentication Code key bytes at runtime. The issue occurs because the hashdigestkey function uses printhexdumpdevel without proper guarding, which can...
CVE-2026-46291
In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hashdigestkey Use printhexdumpdevel for dumping sensitive HMAC key bytes in hashdigestkey to avoid leaking secrets at runtime when CONFIGDYNAMICDEBUG is enabled...
UBUNTU-CVE-2026-46291
In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hashdigestkey Use printhexdumpdevel for dumping sensitive HMAC key bytes in hashdigestkey to avoid leaking secrets at runtime when CONFIGDYNAMICDEBUG is enabled...
CVE-2026-46291 crypto: caam - guard HMAC key hex dumps in hash_digest_key
In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hashdigestkey Use printhexdumpdevel for dumping sensitive HMAC key bytes in hashdigestkey to avoid leaking secrets at runtime when CONFIGDYNAMICDEBUG is enabled...
CVE-2026-46291
In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hashdigestkey Use printhexdumpdevel for dumping sensitive HMAC key bytes in hashdigestkey to avoid leaking secrets at runtime when CONFIGDYNAMICDEBUG is enabled...
CVE-2026-46291
CVE-2026-46291 concerns the Linux kernel crypto/caam path: hash_digest_key may dump sensitive HMAC key bytes when CONFIG_DYNAMIC_DEBUG is enabled. The fix redirects dumps to print_hex_dump_devel() to prevent leaking secrets at runtime. Affected behavior is that dynamic debugging could reveal HMAC...