GHSA-RM5C-5X2P-48WR Klever-Go KVM: Unauthenticated remote node crash (nil-pointer DoS) in klever-go P2P transaction interceptor (txVersionChecker nil RawData) - potential chain halt

Summary Every transaction gossiped on the klever-go P2P network is decoded and validated synchronously inside the libp2p pubsub topic-validator callback. The validator txVersionChecker.CheckTxVersion dereferences tx.RawData.Version with no nil check. A protobuf Transaction whose embedded RawData...

DbGate: Unauthenticated Remote Code Execution via JSON Script Runner

Summary DbGate's JSON script runner POST /runners/start allows remote code execution via code injection in the functionName parameter of JSON script assign commands. The functionName value is interpolated directly into dynamically generated JavaScript source code via string concatenation. The...

CVE-2026-48104 GHSL-2026-120: 7-Zip SquashFS BlockToNode uninitialized heap read

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely populated index array. In the SquashFS handler, blockToNode is allocated with capacity for every metadata block but populated...

CVE-2026-48104

7-Zip (versions 9.18–26.00) contains an uninitialized heap read in the SquashFS archive handler. A sparsely populated index array causes _blockToNode to be allocated for all metadata blocks but only populated when an inode crosses a block boundary; images with few inodes spanning many blocks leav...

vantage6-algorithm-store (>=4.3.0 <=4.15.1rc1), vantage6-node (>=0.0.0 <=4.15.1rc1) +1 more potentially affected by CVE-2024-24769 via vantage6 (>=0.0.0 <=4.9.1)

vantage6 PYPI version =0.0.0, =4.3.0, =0.0.0, =0.0.0, =4.15.1rc1 Source cves: CVE-2024-24769 Source advisory: OSV:GHSA-5549-C5Q7-FJ65...

MAL-2026-5270 Malicious code in reactvora (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1cfcb3bd27816a88e8b3dd4f1fac5c0378232af112bf70a452056a637ce7d131 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in glyphr (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc5a7daf8ce7e35afeab46185779066154602b910011e68f5241df91f164756e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-11329

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generatehashkey of the file src/Runtime/python/torchonnxmlir/src/torchonnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack...

CVE-2026-11329 onnx onnx-mlir Placeholder Node Cache backend.py generate_hash_key weak hash

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generatehashkey of the file src/Runtime/python/torchonnxmlir/src/torchonnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack...

CVE-2026-11329

Technical details are not publicly available in the provided documents. Monitor for updates from official sources for affected products, versions, impact, and remediation.

CVE-2026-11329 onnx onnx-mlir Placeholder Node Cache backend.py generate_hash_key weak hash

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generatehashkey of the file src/Runtime/python/torchonnxmlir/src/torchonnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack...

CVE-2026-11329

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generatehashkey of the file src/Runtime/python/torchonnxmlir/src/torchonnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack...

GHSA-VVGJ-X9JQ-8CJ9 vulnerabilities

Vulnerabilities for packages: kyverno-policy-reporter, traefik, kube-metrics-adapter, kyverno-policy-reporter-ui, opentelemetry-operator, k8sgateway, q, kargo, dkron, k3s, kubernetes-dns-node-cache, kubo, prometheus-blackbox-exporter, frp, teleport, ipfs-cluster, coredns, spegel...

MAL-2026-5210 Malicious code in ai-sdk-ollama (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

Malicious code in executable-stories-jest (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

Malicious code in @contaazul/n8n-nodes-contaazul (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

Malicious code in @ethlete/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

Malicious code in @ethlete/contentful (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

Malicious code in @ethlete/cdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

Malicious code in @ethlete/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...