Lucene search

16 matches found

OSV
added 2026/05/28 12:0 a.m., 2 views

MAL-2026-4954 Malicious code in @cloudplatform-single-spa/observability (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

AI score: 5.8
Exploits: 0, References: 1
EUVD
added 2026/04/28 6:9 p.m., 2 views

EUVD-2026-26093

OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace configs to inject arbitrary environment variables...

CVSS: 8.5, AI score: 7.1, EPSS: 0.00016
Exploits: 0, References: 3
Veracode
added 2026/02/02 9:6 p.m., 2 views

Arbitrary Command Injection

cai-framework is vulnerable to Arbitrary Command Injection. The vulnerability is due to passing user-controlled input directly to shell commands via subprocess.Popen with shell=True, which allows an attacker to inject malicious arguments, for example -exec in the findfile tool, and execute arbitrar...

CVSS: 9.6, AI score: 5.8, EPSS: 0.00053
Exploits: 3, References: 4, Affected Software: 1
NVD
added 2025/10/20 9:15 p.m., 4 views

CVE-2025-61303

Hatching Triage Sandbox Windows 10 build 2004 2025-08-14 and Windows 10 LTSC 2021 2025-08-14 contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sample to evade detection and cause denial-of-analysis. The vulnerability is triggered when a sample...

CVSS: 9.8, EPSS: 0.00155
Exploits: 1, References: 1
GithubExploit
added 2025/10/10 2:54 p.m., 80 views

Exploit for CVE-2025-61303

CVE-2025-61303 - RecordedFuture Triage: Denial-Of-Analysis via...

AI score: 7, EPSS: 0.00155
Exploits: 1
OSV
added 2023/09/29 9:27 a.m., 4 views

SUSE-SU-2023:3899-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 115.3.0 ESR MFSA 2023-42, bsc1215575: Security fixes: - CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1 bmo1846683. - CVE-2023-5169: Out-of-bounds write in PathOps bmo1846685. - CVE-2023-517...

CVSS: 9.8, AI score: 8.7, EPSS: 0.00704
Exploits: 0, References: 8
Prion
added 2023/06/13 6:15 p.m., 13 views

Input validation

Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by t...

CVSS: 4.3, AI score: 7.8, EPSS: 0.00028
Exploits: 0, References: 1, Affected Software: 1
SUSE CVE
added 2023/02/15 6:20 a.m., 1 views

SUSE CVE-2004-0807

Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop...

CVSS: 5, AI score: 6.8, EPSS: 0.09849
Exploits: 0, References: 5
SUSE CVE
added 2023/02/15 6:20 a.m., 2 views

SUSE CVE-2004-1058

Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline...

CVSS: 1.2, AI score: 6.5, EPSS: 0.00064
Exploits: 0, References: 4
SUSE CVE
added 2023/02/15 5:25 a.m., 1 views

SUSE CVE-2014-8171

The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00049
Exploits: 0, References: 3
OSV
added 2018/02/09 10:29 p.m., 0 views

UBUNTU-CVE-2014-8171

The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00049
Exploits: 0, References: 4
OSV
added 2017/02/20 8:59 a.m., 1 views

CVE-2016-7613

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a...

CVSS: 7.8, AI score: 6.1
Exploits: 0, References: 5
Prion
added 2017/02/20 8:59 a.m., 10 views

Design/Logic Flaw

An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component...

CVSS: 4.6, AI score: 6.2, EPSS: 0.00058
Exploits: 0, References: 2, Affected Software: 1
RedHat Linux
added 2015/11/19 6:24 a.m., 2 views

kernel: memcg: OOM handling DoS

It was found that the Linux kernel memory resource controller's (memcg) handling of OOM (out of memory) conditions could lead to deadlocks. An attacker able to continuously spawn new processes within a single memory-constrained cgroup during an OOM event could use this flaw to lock up the system...

CVSS: 5.5, AI score: 6.3, EPSS: 0.00049
Exploits: 0, References: 4
UbuntuCve
added 2005/01/10 5:0 a.m., 27 views

CVE-2004-1058

Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline...

CVSS: 1.2, AI score: 5.9, EPSS: 0.00064
Exploits: 0, References: 2
Packet Storm
added 1999/08/17 12:0 a.m., 35 views

nukenabber-DoS.txt

------------------------------------ NOTE: NukeNabber 2.9 and earlier are vulnerable. nn29a.exe is NOT vulnerable. ------------------------------------ Date: Fri, 6 Nov 1998 01:46:17 -0600 From: [email protected] To: [email protected] Subject: various lame DoS attacks Aleph, None of...

AI score: 7.4
Exploits: 0