11740 matches found
Hardware-Triggered Backdoors
Machine learning models are routinely deployed on a wide range of computing hardware. Although such hardware is typically expected to produce identical results, differences in its design can lead to small numerical variations during inference. In this work, we show that these variations can be...
MAL-2026-581 Malicious code in somesomesomesome (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 501ce83717dc490a4b5550820a3d811bc7a90579dbf986bfb3013d0997ae3802 The package somesomesomesome was found to contain malicious code. Source: ghsa-malware 6ac6ff72ae68c24308f36c03065bd3d4f95aea678ce410a4edb706f73499e6...
EUVD-2026-4740
gmrtd is a Go library for reading Machine Readable Travel Documents MRTDs. Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well...
CVE-2026-24738 gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values
gmrtd is a Go library for reading Machine Readable Travel Documents MRTDs. Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well...
CVE-2025-15469
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such as Ed25519, Ed448, or ML-DSA m...
varstored: TOCTOU issues with mapped guest memory
ISSUE DESCRIPTION varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the...
MAL-2026-541 Malicious code in pump.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b989d2f8fd56b43d56fd7cba25a48eaa37478729351505f297fc92fb125f697 The package pump.js was found to contain malicious code. Source: ghsa-malware 90ba9c17ff971763631161abd0a0b8dff35b945e9b81791ab4630ecf76af2185 Any...
Malicious code in ftm-noderpc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48bffc97a9e30f15aaeea633df39ff0ab500a8f4aeee9757390e0d0e2393e9d9 The package ftm-noderpc was found to contain malicious code. Source: ghsa-malware b2c3dc311c3d101881ee473edd9232f94c95686770a45f681038070507407fc2 An...
CVE-2026-1448
A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wizpolicy3machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotel...
CVE-2026-1448
A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wizpolicy3machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotel...
CVE-2026-1448 D-Link DIR-615 Web Management wiz_policy_3_machine.php os command injection
A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wizpolicy3machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotel...
CVE-2026-24003 EvseV2G has sequence state validation bypass
EVerest is an EV charging software stack. In versions up to and including 2025.12.1, it is possible to bypass the sequence state verification including authentication, and send requests that transition to forbidden states relative to the current one, thereby updating the current context with...
EUVD-2026-4660
vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of...
KubeVirt Guest Agent DoS via Excessive Network Interface Reports
A flaw was found in KubeVirt. A user within a virtual machine VM, if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...
CVE-2025-14525
A flaw was found in kubevirt. A user within a virtual machine VM, if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...
EUVD-2025-206339
A flaw was found in kubevirt. A user within a virtual machine VM, if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...
CVE-2025-14525 Kubevirt: kubevirt: vm administration denial of service via guest agent
A flaw was found in kubevirt. A user within a virtual machine VM, if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...
CVE-2025-14525
A flaw was found in kubevirt. A user within a virtual machine VM, if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...
CVE-2025-14525
Summary: CVE-2025-14525 describes a denial-of-service flaw in kubevirt where a VM user with an active guest agent can cause the agent to report an excessive number of network interfaces. This overloads the system’s ability to record VM configuration updates, effectively blocking changes to the Vi...
CVE-2025-14525 Kubevirt: kubevirt: vm administration denial of service via guest agent
A flaw was found in kubevirt. A user within a virtual machine VM, if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...