Lucene search
+L

1170 matches found

Snyk
Snyk
added 2026/06/11 1:57 p.m.9 views

Malicious Package

Overview hex-type is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 5:6 a.m.18 views

Malicious code in webpack-cache-cycle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82fa37e2478a7109e376e3a062ccb203806511033930eb7390e45fe7ef404b81 On npm install, package.json's postinstall hook runs node -e "require'./loader.js'". loader.js spawns a detached node process that decodes a...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 5:6 a.m.14 views

Malicious code in webpack-cache-reset (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fee0027f45dd4846b52b99120af39a0bca88f8693047612e946cd8d816f36e6c On npm install, the package's postinstall hook runs loader.js, which hex-decodes the URL https://jsonkeeper.com/b/INN1F an anonymous JSON paste host,...

6.3AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 2:35 p.m.10 views

CVE-2026-49760 Stack Buffer Overflow in ei_s_print_term at Very Large Integer

Stack-based Buffer Overflow vulnerability in Erlang OTP erlinterface allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erlinterface/src/misc/eiprintterm.c and program routine eisprintterm. The C function eisprintterm uses an internal 2000-character stack...

6.9CVSS5.7AI score0.00136EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2026/06/10 8:4 a.m.10 views

crypto: caam - guard HMAC key hex dumps in hash_digest_key

...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
FreeBSD
FreeBSD
added 2026/06/10 12:0 a.m.11 views

Erlang/OTP -- stack overflow in ei_s_print_term for very large integer terms

https://github.com/erlang/otp/security/advisories/GHSA-xcxj-5pg2-v72j reports: Fixed a stack overflow in eisprintterm in erlinterface for very large integer terms more than 2000 hexadecimal digits long...

6.9CVSS5.5AI score0.00136EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 5:40 p.m.9 views

MAL-2026-5416 Malicious code in @klapp-otp/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9246974efd1a626094dd3f2027df2e8f1468ce45ebcba42e5207a06c5c9e16ee On npm install, this package auto-executes index.js via the preinstall lifecycle hook. The script collects os.hostname, os.userInfo, dirname,...

5.5AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.12 views

SUSE CVE-2026-46291

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hashdigestkey Use printhexdumpdevel for dumping sensitive HMAC key bytes in hashdigestkey to avoid leaking secrets at runtime when CONFIGDYNAMICDEBUG is enabled...

5.5CVSS5.4AI score0.00123EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/08 7:32 p.m.23 views

CVE-2026-46291

A flaw was found in the Linux kernel's crypto: caam component. This vulnerability allows for the disclosure of sensitive HMAC Hash-based Message Authentication Code key bytes at runtime. The issue occurs because the hashdigestkey function uses printhexdumpdevel without proper guarding, which can...

5.5CVSS5.5AI score0.00123EPSS
Exploits0References4
NVD
NVD
added 2026/06/08 5:16 p.m.10 views

CVE-2026-46291

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hashdigestkey Use printhexdumpdevel for dumping sensitive HMAC key bytes in hashdigestkey to avoid leaking secrets at runtime when CONFIGDYNAMICDEBUG is enabled...

5.5CVSS0.00123EPSS
Exploits0References8
OSV
OSV
added 2026/06/08 5:16 p.m.9 views

UBUNTU-CVE-2026-46291

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hashdigestkey Use printhexdumpdevel for dumping sensitive HMAC key bytes in hashdigestkey to avoid leaking secrets at runtime when CONFIGDYNAMICDEBUG is enabled...

5.5CVSS5.3AI score0.00123EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:46 p.m.8 views

CVE-2026-46291

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hashdigestkey Use printhexdumpdevel for dumping sensitive HMAC key bytes in hashdigestkey to avoid leaking secrets at runtime when CONFIGDYNAMICDEBUG is enabled...

5.4AI score0.00123EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/06/08 3:46 p.m.60 views

CVE-2026-46291

CVE-2026-46291 affects the Linux kernel crypto caam path, specifically hash_digest_key, where HMAC key bytes could be exposed via hex dumps when dynamic debugging is enabled. The reported fix changes the dumping approach to use print_hex_dump_devel() to avoid leaking sensitive HMAC key material a...

5.5CVSS5.4AI score0.00123EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/06/08 3:46 p.m.44 views

CVE-2026-46291 crypto: caam - guard HMAC key hex dumps in hash_digest_key

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hashdigestkey Use printhexdumpdevel for dumping sensitive HMAC key bytes in hashdigestkey to avoid leaking secrets at runtime when CONFIGDYNAMICDEBUG is enabled...

0.00123EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the hexadecimal dump of the HMAC key in the caam driver, potentially leading to the exposure of t...

5.5CVSS5.3AI score0.00123EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.16 views

PT-2026-47363

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.12-1.1 Description An issue exists in the hash digest key function within the caam crypto module. When CONFIG DYNAMIC DEBUG is enabled, sensitive HMAC key bytes may be leaked at runtime through hex dumps. Thi...

9.8CVSS5.2AI score0.00426EPSS
Exploits7References429
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-10813

A flaw has been found in LMCache up to 0.4.6. This affects the function hexhashtoint16 of the file lmcache/integration/vllm/utils.py of the component KV Cache Handler. Executing a manipulation can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level ...

3.6CVSS4.6AI score0.00075EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.13 views

CVE-2026-42795

Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers gleamfiles, nativefiles, privatefiles in compiler-cli/src/fs.rs use followlinkstrue when walking publishable directories...

5.1CVSS5.6AI score0.00132EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.8 views

CVE-2026-28221

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in printhexstring in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintfdstbuf +...

8.2CVSS6AI score0.00382EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-41237

Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping...

8.6CVSS5.4AI score0.00269EPSS
Exploits0References1
Rows per page
Query Builder