170448 matches found
MAL-2026-5981 Malicious code in metrics-probe-64b2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cae901b673ee21724897f69c782eb2808c55c2722bacc9912a4a3e60f7019883 package.json declares a postinstall hook "postinstall": "node run.js" that executes run.js automatically on every npm install. run.js imports os, fs,...
CGA-JXC8-HF9C-Q8R6
Bulletin has no description...
CGA-FCGJ-PWXV-JXFC
Bulletin has no description...
CGA-X9X2-H6WQ-M4F8
Bulletin has no description...
CGA-4CHQ-8F8M-CXG9
Bulletin has no description...
CGA-844F-MF5P-F2JR
Bulletin has no description...
MAL-2026-5954 Malicious code in @mastra/libsql (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae3d2946dd7a5ef81d52da321aac5fce8fe40c59a844491d6e6a07c1c84b08ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ECHO-0C44-AA79-6B74
Bulletin has no description...
PT-2026-50544
Name of the Vulnerable Software and Affected Versions PHP Standard Library PSL versions 6.1.0 through 6.1.1 PHP Standard Library PSL version 6.2.0 Description The PslH2ServerConnection function does not validate that the total bytes received in DATA frames match the content-length header declared...
PT-2026-50567
Name of the Vulnerable Software and Affected Versions Steeltoe.Configuration.Abstractions versions 4.0.0 through 4.1.0 Description When MySQL or PostgreSQL service bindings from VCAP SERVICES include TLS client credentials, the Connectors library writes these credentials to temporary files in...
PT-2026-50232
Name of the Vulnerable Software and Affected Versions Google Android affected versions not specified Description A logic error in the code of SettingsLib results in a missing permission check. This flaw allows for local escalation of privilege without requiring additional execution privileges or...
Linux Distros Unpatched Vulnerability : CVE-2026-12318
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12318 Note that Nessu...
GO-2026-5055 File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope in github.com/filebrowser/filebrowser
File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope in github.com/filebrowser/filebrowser...
CGA-F7W5-386X-QJPJ
Bulletin has no description...
CGA-7RC4-CR5C-MXF4
Bulletin has no description...
CGA-83MV-GW9X-G6WR
Bulletin has no description...
MINI-WW98-X2QW-JHJR
Bulletin has no description...
crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...
MINI-763Q-98MW-3G34
Bulletin has no description...
MINI-HX78-VPM4-V27V
Bulletin has no description...