MAL-2026-3187 Malicious code in apple-appstore-full-library-utility (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c81abc0b0ca85dceebddbddb78e6e2d6d05f87331f11b9a1190ad29d10adb4a The package apple-appstore-full-library-utility was found to contain malicious code. Source: ghsa-malware...

CVE-2026-35379

A flaw was found in the tr utility of uutils coreutils. A logic error causes the program to incorrectly define the :graph: and :print: character classes, reversing their standard behavior. This vulnerability can lead to unintended data modification or loss when the utility is used in automated...

CVE-2026-35378

A flaw was found in the expr utility of uutils coreutils. A logic error in how the utility evaluates parenthesized subexpressions prevents proper short-circuiting for logical OR and AND operations. This can lead to arithmetic errors, such as division by zero, in parts of expressions that should b...

RHEL 9 : pcs (RHSA-2026:11469)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:11469 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: lodash: lodash: Arbitrary cod...

GeoVision GV-IP Device Utility 安全漏洞

The GeoVision GV-IP Device Utility is a network configuration tool developed by the Chinese company GeoVision, designed for discovering and managing IP monitoring devices. Version 9.0.5 of the GeoVision GV-IP Device Utility contains a security vulnerability. This vulnerability stems from...

CVE-2026-42363 GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

CVE-2026-42363 GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

CVE-2026-42363

CVE-2026-42363 affects GeoVision GV-IP Device Utility 9.0.5. The Device Authentication flow encrypts credentials using a protocol resembling Blowfish, but the symmetric key is included in the packet, making confidentiality rely on obscurity. When admin users interact with devices, credentials may...

CVE-2026-35370

The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes...

CVE-2026-35380

A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' two single quotes as an empty delimiter. The implementation mistakenly maps this string to the NUL character for both the -d delimiter and --output-delimiter options. Th...

CVE-2026-35375

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

CVE-2026-35369

An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as a request to send the default signal SIGTERM to PID -1. Sending a signal to PID -1 causes the kernel to terminate all processes visible to the caller, potentially leading to a system crash or massi...

CVE-2026-35365

The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...

MAL-2026-3022 Malicious code in jie-utility-package (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2cab7c48587f060014e5c8453f9ab21c0e6dd3c3523d095c1fcafbce8cbee2d1 During installation, the package attempts to create a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

GHSA-5V4G-VW9X-H534 uutils coreutils has an Improper Input Validation Issue in its env Utility

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...

EUVD-2026-25034

A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the :graph: and :print: character classes. The implementation mistakenly includes the ASCII space character 0x20 in the :graph: class and excludes it from the :print: class, effectively reversing the...

EUVD-2026-25036

A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' two single quotes as an empty delimiter. The implementation mistakenly maps this string to the NUL character for both the -d delimiter and --output-delimiter options. Th...

EUVD-2026-25030

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...

EUVD-2026-25024

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently...

EUVD-2026-25022

A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...