CVE-2026-35368

A flaw was found in uutils coreutils. The chroot utility, when used with the --userspec option, resolves user specifications after entering a restricted environment chroot but before relinquishing root privileges. This can cause the Name Service Switch NSS, a system for resolving system...

CVE-2026-26928 Lack of Dynamic Library Validation in SzafirHost

SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed b...

Uncontrolled Search Path Element

Overview openssl-encrypt is an A package for secure file encryption and decryption based on modern ciphers using heavy-compute-load chaining of hashing and KDF to generate strong encryption password based on users provided password to ensure secure encryption of files Affected versions of this...

CVE-2026-25655

A vulnerability has been identified in SINEC NMS All versions V4.0 SP2. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative...

CVE-2026-25655

CVE-2026-25655 affects SINEC NMS prior to 4.0 SP2. The issue is an improper modification of a configuration file by a low-privileged user, which can be exploited to load malicious DLLs and potentially achieve arbitrary code execution with administrative privileges. From the provided data, attack ...

Discord Controlled NodeCordRAT Steals Chrome Data via NPM Packages

Zscaler ThreatLabz identifies three malicious NPM packages mimicking Bitcoin libraries. The NodeCordRAT virus uses Discord commands to exfiltrate MetaMask data and Chrome passwords...

CVE-2019-25268

NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious libraries on WebDAV or SM...

CVE-2019-25268 NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution

NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious libraries on WebDAV or SM...

Siemens Altair Grid Engine 代码问题漏洞

Siemens Altair Grid Engine is a distributed resource management system from Siemens USA. A code issue vulnerability exists in Siemens Altair Grid Engine versions prior to V2026.0.0, which stems from a failure to properly validate environment variables when loading shared libraries, which could le...

EUVD-2019-13701

Malware in sbrugna...

EUVD-2018-12375

Malware in sbrugna...

EUVD-2006-1565

Malware in sbrugna...

EUVD-2006-6457

Malware in sbrugna...

EUVD-2003-0443

Malware in sbrugna...

EUVD-2006-1566

Malware in sbrugna...

EUVD-2004-2125

Malware in sbrugna...

EUVD-2024-34637

Malicious code in bioql PyPI...

Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers

Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, signaling the trend of threat actors constantly on the lookout for new ways to distribute...

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

cve-2025-32463 chroot sudo chroot Execute the comman...

glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen, including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo, may incorrectly search LDLIBRARYPATH to determine which library to load, allowing a local attacker to load...