252329 matches found
UBUNTU-CVE-2026-33633
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...
Malicious code in corelia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2b637971f597ba9572b4cecfab0de4981d19620d585b1958b1bb37b004fae8f The package impersonates the popular pino logger README header 'corelia Pino', homepage https://getpino.io, main file pino.js, npm version badge...
MAL-2026-4536 Malicious code in corelia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2b637971f597ba9572b4cecfab0de4981d19620d585b1958b1bb37b004fae8f The package impersonates the popular pino logger README header 'corelia Pino', homepage https://getpino.io, main file pino.js, npm version badge...
CVE-2026-33633
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...
CVE-2026-33633 Kitty has a Heap Buffer Overflow in its Graphics Protocol Handler
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...
CVE-2026-33633
CVE-2026-33633 affects the Kitty terminal. Versions 0.46.2 and earlier are vulnerable to a heap buffer overflow in load_image_data(), triggered by a single APC graphics protocol command with a PNG declaration (f=100) whose payload exceeds twice the initial buffer capacity. The overflow is attacke...
CVE-2026-33633
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...
CVE-2026-6009
CVE-2026-6009 is a Java deserialization vulnerability in the Jaspersoft Reports Library that can lead to Remote Code Execution (RCE) on affected systems. The cited sources describe the issue as a Java Deserialisation Vulnerability, but do not specify affected versions, vulnerable components withi...
EUVD-2026-30962
Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution RCE, potentially allowing code execution on the affected system...
CVE-2026-6009 Jaspersoft Library Deserialisation Vulnerability
Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution RCE, potentially allowing code execution on the affected system...
CVE-2026-6009
Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution RCE, potentially allowing code execution on the affected system...
CVE-2026-6009 Jaspersoft Library Deserialisation Vulnerability
Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution RCE, potentially allowing code execution on the affected system...
CVE-2026-31072
A flaw was found in APScheduler, affecting its JSONSerializer and CBORSerializer components. This vulnerability, known as insecure deserialization, allows a remote attacker to execute arbitrary code on the system. By sending a specially crafted data payload, an attacker can manipulate the...
Malicious code in cheaty-sync-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45b192c71c59ccca1d9cc720372bd29f39eae8b5da4d572cd1e8312d6b57d6b4 cheaty-sync-bot ships a clipboard-sync CLI that hardcodes a single Telegram bot token index.js:10 owned by the package author. There is no...
Malicious code in bytecore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c1ddd2dea35052822d2dc89f0f46ceae20c772c257e0c97f0024483e9ff31c0 The package masquerades as a pino-like logging middleware README is copied from pino, exports a pino property, mimics pino's option shape but the...
MAL-2026-4503 Malicious code in bytecore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c1ddd2dea35052822d2dc89f0f46ceae20c772c257e0c97f0024483e9ff31c0 The package masquerades as a pino-like logging middleware README is copied from pino, exports a pino property, mimics pino's option shape but the...
CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
DEBIAN-CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
UBUNTU-CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...