11718 matches found
MAL-2026-3458 Malicious code in @tallyui/connector-vendure (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0283da4a59287c5418e3485a9a642cfbb9cc387f5e1ab4c120af92199daa0970 The package @tallyui/connector-vendure was found to contain malicious code. Source: ghsa-malware...
Malicious code in @squawk/types (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3774c2374f8e3ab7673400940dfc50d0826239ac34fd2e1170c7ab4c48de6a7 The package @squawk/types was found to contain malicious code. Source: ghsa-malware 14506d7385d737662e11382d460e176a16e727348a5b09cf27325bfbd4566f83...
KLA91034 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Azure Machine Learning Notebook can be...
Machine Learning Engineering Open Book 安全漏洞
Machine Learning Engineering Open Book is a collection of methodologies for training and fine-tuning large language models developed by Stas Bekman. There is a security vulnerability in Machine Learning Engineering Open Book. This vulnerability arises from the use of the torch-checkpoint-shrink.p...
ROS-20260512-73-0006
A vulnerability in Incus container management system and virtual machine manager is related to incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...
Microsoft Azure Connected Machine Agent 访问控制错误漏洞
Microsoft Azure Connected Machine Agent is a core component of Microsoft that connects non-Azure servers to the Azure console. There is an access control vulnerability present in Microsoft Azure Connected Machine Agent. Attackers can exploit this vulnerability to gain higher privileges...
Convolutional-Neural-Networks for Deanonymisation of I2P Traffic
This study investigates the potential for deanonymizing services within the Invisible Internet Project I2P network through passive traffic analysis and machine learning techniques. The primary objective is to identify distinctive patterns in I2P traffic despite the encryption of its payload. To...
Microsoft Azure Machine Learning 注入漏洞
Microsoft Azure Machine Learning is a machine learning service provided by Microsoft Corporation in the United States. There is an injection vulnerability present in Microsoft Azure Machine Learning. Attackers utilize this vulnerability to carry out phishing attacks...
ROS-20260512-73-0007
A vulnerability in the Incus container management system and virtual machine manager is related to failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...
PT-2026-40210
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...
PT-2026-40141
Improper neutralization of special elements in output used by a downstream component 'injection' in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network...
MAL-2026-3497 Malicious code in @tanstack/vue-router-ssr-query (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 925332e137c53fc83198f6ce65ec615c060124cbd8d1a5b23b9186c6494dbfba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tanstack/react-start-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8358ce998650baf1a9cb6bb602109da81268c43855ad0b16f892687cc89f104d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +344 more potentially affected by CVE-2026-2614 via mlflow (>=0.8.2 <=3.0.1)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 - apache-submarine =0.6.0 and more Source cves: CVE-2026-2614 Source advisory: OSV:GHSA-42H5-H8QH-VV9V...
CVE-2026-41257
jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...
CVE-2026-41257
jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...
CVE-2026-41257
jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...
SUSE CVE-2026-43443
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Add missing error check for clock acquisition The acpcardrt5682init and acpcardrt5682sinit functions did not check the return values of clkget. This could lead to a kernel crash when the invalid pointe...
jq 输入验证错误漏洞
jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from the use of signed integers for the stack allocation size in the jq bytecode virtual machine. Wh...
CVE-2026-32207
Improper neutralization of input during web page generation 'cross-site scripting' in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network...