1917 matches found
EUVD-2026-43116
OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename progfile directly into the Programs.File database field and later uses this value as the destination path for an...
CVE-2026-54888 Uncontrolled recursion over deeply nested Markdown crashes the BEAM in mdex
Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document struct and Comrak's internal AST using two mutually recursive Rust functions, exdocumenttocomrakast and comrakasttoexdocument, in the NI...
EEF-CVE-2026-53428 Unbounded memory allocation in highlight_lines range expansion in mdex
Summary Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comrak\nif::lumis\adapter::LumisAdapter::parse\highlight\lines in native/comrak\nif/src/lumis\adapter.rs eagerly...
Malicious code in weavedb-console (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cb1233d729c7aefcbe9024196bb4af52f78854aa5ed7f46afb4fa9cd59918c1 package.json declares "preinstall": "./src/compiler/native", which auto-executes a 976 KB stripped Linux ELF binary on every npm install. The binary ...
Malicious code in weavedb-sdk-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40b4b0c5f79c0370a77c3b559b70389ffee591aa22c76ca15c4077fe95b5078e package.json declares "preinstall": "./bin/install-deps", pointing at a 976KB packed Linux x86-64 ELF binary shipped in the tarball sha256...
MAL-2026-4482 Malicious code in arnext (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d689a27b5cc929562b684a7181549d3770de331a9f57120881d8060294b6e5f package.json declares "preinstall": "./vendor/setup", which runs a 976,568-byte Linux ELF binary on every npm install. The package's stated purpose i...
MAL-2026-4713 Malicious code in wdb-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ddd306d024c4dd394d19c1adb610389f239fa619d25fff4f75b857a678da0ee package.json declares "preinstall": "./vendor/setup", which on every npm install invokes a 976568-byte Linux x86 ELF binary shipped inside the packag...
MAL-2026-4763 Malicious code in pulumi-vcd (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08bbc8be2cfa9a85473b0287e3c327b16c3f9e15886869bd9e2188a323448fd9 Package pulumivcd is published with metadata mimicking an official Pulumi SDK Homepage https://www.pulumi.com, tfgen-style auto-generated bindings bu...
MAL-2026-4428 Malicious code in @rspack-debug/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c05c92aa1796614da12b282390f160fef2a5c63aba9a3257af956c19df341ce5 Package @rspack-debug/[email protected] impersonates the popular @rspack/core bundler. The README, description 'Fast Rust-based bundler for the web with a...
OpenClaw has an unspecified vulnerability (CNVD-2026-17487)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to execute native code after an operator approves misleading command text...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to execute native code after an operator approves misleading command text...
ALPINE-CVE-2026-21712
A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...
UBUNTU-CVE-2026-21712
A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...
CVE-2026-21712
A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...
CVE-2026-21712
CVE-2026-21712 affects the Node.js package nodejs24 for versions less than 24.14.1-1 . The issue is a flaw in Node.js URL processing that triggers an assertion failure in native code when url.format() is called with a malformed internationalized domain name (IDN) containing invalid characters, cr...
Exploit for Integer Overflow or Wraparound in Apple Ipados
Coruna: Full-Chain Safari/WebKit Exploit Kit Research & Ana...
CVE-2025-40539
A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...
CVE-2025-40541
An Insecure Direct Object Reference IDOR vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because...
CVE-2025-40541
An Insecure Direct Object Reference IDOR vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because...
CVE-2025-40541
An Insecure Direct Object Reference IDOR vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because...