VulnCheck KEV: CVE-2025-1055

A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected ...

MAL-2026-5554 Malicious code in express-self-destruct2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c21246439a04267591c998594f92ac1267c86698f5dcc3463ad2cd932abb04dc On install, the package's postinstall hook scripts/inject.js locates the installer's project root and main entry from package.json or fallbacks...

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to improper handling of process termination signals in the timeout mechanism by using the catchable SIGALRM signal instead of the uncatchable SIGKILL signal. An attacker can cause resource...

CVE-2026-44902

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...

CVE-2026-40060

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-40604

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension bundle ID uk.craigbass.clearancekit.opfilter can be suspended with SIGSTOP or kill -STOP, or killed with SIGKILL/SIGTERM, by any...

CVE-2026-35081 Arbitrary process termination vulnerability in method ugw-logstop

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

CVE-2026-35081

CVE-2026-35081 documents an Arbitrary process termination vulnerability in the ugw-logstop method. A remote attacker with user privileges can terminate arbitrary processes due to insufficient input validation. The Connected documents provide the description and CVSS metrics (CVSSv4.0 base 7.2 HIG...

MBS多款产品 输入验证错误漏洞

MBS Single-A and other products are a series of industrial communication gateways developed by the German company MBS. Several MBS products have a vulnerability related to input validation errors. This vulnerability stems from the insufficient input validation provided by the ugw-logstop method,...

CVE-2026-44319 free5GC: NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications, the notifier calls NnefPFDmanagementNotify... and on any delivery error...

CVE-2026-44319 free5GC: NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications, the notifier calls NnefPFDmanagementNotify... and on any delivery error...

CVE-2026-44902

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...

EUVD-2026-32005

Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When processing malformed network packets containing corrupted ASN.1/OER structures e.g., invalid length...

MAL-2026-4443 Malicious code in @shinzepelly/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 957954ced5e6fb2e8ab6a666adf496ca2edc7575a4e202b593d6698b5d89809f Package impersonates the legitimate libsignal-node library description copied verbatim: "Open Whisper Systems' libsignal for Node.js" under an...

Malicious code in @shinzepelly/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 957954ced5e6fb2e8ab6a666adf496ca2edc7575a4e202b593d6698b5d89809f Package impersonates the legitimate libsignal-node library description copied verbatim: "Open Whisper Systems' libsignal for Node.js" under an...

PT-2026-41967

Summary The screenshot/print proxy /proxy?data=… maintains a package-level assets mapstringMessageAssets cache, but reads the map without holding assetsMutex while a long-running cleanup goroutine and re-entrant CSS-rewriting code path concurrently write to it under the lock. When the...

CVE-2026-40067

When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-40067 BIG-IP APM Vulnerability

When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

K000160727: BIG-IP Advanced WAF and ASM vulnerability CVE-2026-40060

Security Advisory Description When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. CVE-2026-40060 Impact Traffic is disrupted while the bd process restarts. This vulnerability allows a remote,...

CVE-2026-39869

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing an audio stream in a maliciously crafted media file...