474 matches found
CVE-2026-2229
The CVE affects the undici WebSocket client. It arises from improper validation of the server_max_window_bits parameter in the permessage-deflate extension: isValidClientWindowBits() only checks ASCII digits and not the 8–15 range, and createInflateRaw() is not wrapped in a try-catch. A malicious...
Uncaught Exception
Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Uncaught Exception in the ByteParser when handling a specially crafted WebSocket frame with an extremely large 64-bit length. An attacker can cause the process to termina...
CVE-2026-3497
OpenSSH CVE-2026-3497 concerns a flaw in the GSSAPI Key Exchange patch applied by several Linux distributions, not in the upstream OpenSSH project. The bug occurs when sshpkt_disconnect() is used on an error and does not terminate the process, allowing an attacker to send an unexpected GSSAPI mes...
CVE-2026-1717
An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges...
CVE-2026-1717
An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges...
UBUNTU-CVE-2026-31870
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API httplib::stream::Get, httplib::stream::Post, etc., the library calls std::stoull directly on the Content-Length header value received from the server...
Lenovo Vantage和Lenovo Baiying 安全漏洞
Lenovo Vantage and Lenovo Baiying are both products of the Chinese company Lenovo. Lenovo Vantage is a computer management application. It supports functions such as driver updates, device status diagnosis, and computer configuration. Lenovo Baiying is an asset management software. Both Lenovo...
PT-2026-24678
An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges...
Sliver 代码问题漏洞
Sliver is an open-source, cross-platform opponent simulation/red team framework developed by Bishop Fox. It can be used by organizations of various sizes for security testing. Versions of Sliver prior to 1.7.3 have code vulnerabilities; these vulnerabilities stem from Protobuf deserialization log...
CVE-2026-22716
Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to terminate certain Workstation processes...
CVE-2026-22716
CVE-2026-22716 is an out-of-bounds write vulnerability in VMware Workstation 25H1 and earlier. A non-administrative user inside a guest VM can terminate certain Workstation processes. The issue is addressed by patching to 25H2u1 (per the VMSA-2026-0002 advisory), with the vulnerability also refer...
Malicious code in @schedaero/bacon (npm)
Multiple suspicious behaviors: preinstall script exfiltrates data to a suspicious URL, terminates process, and few versions. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1f79d2ea06bc3905829524120560412e8e875463b5bddeb6bad3a343292c20c The package...
Malicious code in @schedaero/net-common (npm)
Malicious package due to suspicious preinstall script, data exfiltration via User-Agent, process termination, and a suspicious URL. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e5e87e24ed2574837f59c3fb4cf21d0c9677b4d5e729f0835fc90a9bf427c4c The package...
MAL-2026-1229 Malicious code in @schedaero/net-common (npm)
Malicious package due to suspicious preinstall script, data exfiltration via User-Agent, process termination, and a suspicious URL. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e5e87e24ed2574837f59c3fb4cf21d0c9677b4d5e729f0835fc90a9bf427c4c The package...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the SVG decoding process. An attacker can cause excessive memory consumption and process termination by submitting a specially crafted SVG image file. Remediation A fix was pushed...
PT-2026-21588
Name of the Vulnerable Software and Affected Versions free5GC SMF versions prior to 1.4.2 Description The free5GC Session Management Function SMF, a component of the free5GC 5G mobile core network, is susceptible to a panic and process termination. This occurs due to a nil pointer dereference...
CVE-2026-27486
OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes without verifying if they are owned by the current OpenClaw process. On shared hosts, unrelated processes...
Unverified Ownership
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Unverified Ownership via the process cleanup routine. An attacker can cause termination of unrelated system processes by exploiting pattern-based process enumeration without ownership...
PT-2026-21337
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description OpenClaw is a personal AI assistant. The CLI process cleanup mechanism used system-wide process enumeration and pattern matching to terminate processes without verifying ownership by the current...
nodejs: Nodejs denial of service
A stack overflow flaw has been discovered in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when asynchooks.createHook is enabled. Instead of reaching process.on'uncaughtException', the process terminates, making the crash unrecoverable. Applications tha...