7736 matches found
PT-2026-7488
Name of the Vulnerable Software and Affected Versions: Saastech Cleaning and Internet Services Inc. TemizlikYolda versions through 11022026. Description: An authorization bypass exists due to the manipulation of user-controlled variables in TemizlikYolda. This allows bypassing intended access...
TemizlikYolda Security Vulnerability
TemizlikYolda is an online domestic service booking platform operated by the Turkish company TemizlikYolda. Versions of TemizlikYolda prior to 11022026 contained security vulnerabilities. These vulnerabilities stemmed from bypassing authorization through user control keys, potentially allowing...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: httpd (UTSA-2026-005340)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005340 advisory. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration...
PT-2026-7764
Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.8.4, macOS Tahoe versions prior to 26.3, watchOS versions prior to 26.3, visionOS versions prior to 26.3, iOS versions prior to 26.3, iPadOS versions prior to 26.3. Description: An issue existed in how environment...
glibc 2.38 Buffer Overflow
This is a local privilege escalation exploit for CVE-2023-4911, also known as "Looney Tunables", caused by a buffer overflow in the glibc dynamic loader's environment variable parsing logic. The vulnerability is triggered by crafting a maliciously long GLIBC_TUNABLES string which corrupts internal...
MAL-2026-844 Malicious code in vllm-plugins (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4fa0706d497278a502d158c89d51645a6f4e8187ca325aacaa59facccf542a03 Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...
Malicious code in vllm-plugins (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4fa0706d497278a502d158c89d51645a6f4e8187ca325aacaa59facccf542a03 Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...
unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)
The sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via JSON.stringify without sanitization, exposing secrets to shell history, CI/CD logs, and log...
Insertion of Sensitive Information into Log File
Overview: @rage-against-the-pixel/unity-cli is a command line utility for the Unity Game Engine. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the sign-package command when the --verbose flag is enabled. An attacker can obtain sensitive...
Intel Trust Domain Extensions Security Vulnerability
Intel Trust Domain Extensions is a confidential virtualization solution developed by Intel Corporation in the United States. It aims to isolate confidential virtual machines from non-confidential domain software stacks including hypervisors, VMMs, and other non-trusted domain software stacks,...
MAL-2026-815 Malicious code in skydeo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6e44bfc09c7d974ae07443b4c6af6fd3e4566e7761755cc89ba810713d2b6482 Importing the module exfiltrates all environment variables --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in skydeo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6e44bfc09c7d974ae07443b4c6af6fd3e4566e7761755cc89ba810713d2b6482 Importing the module exfiltrates all environment variables --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in carcent (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6672d1df7a6035da8ee0a2c7a4ed9e7e5bace551e5948fd2e7d7d31a18410a1c Package collects and exfiltrates Discord credentials from multiple sources --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2026-808 Malicious code in carcent (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6672d1df7a6035da8ee0a2c7a4ed9e7e5bace551e5948fd2e7d7d31a18410a1c Package collects and exfiltrates Discord credentials from multiple sources --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
osbuild-composer security update
101.4-3.0.1 - Support using repository definitions with OCI variables JIRA: OLDIS-38657 - Update repositories to contain OCI variables - Remove image types Minimal-raw and wsl JIRA: OLDIS-38123 - Increase default /boot size to 1GB Orabug: 36827079 - support for building OL8/9 images on Oracle Linu...
Oracle Linux 8 : osbuild-composer (ELSA-2026-2124)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-2124 advisory. 101.4-3.0.1 - Support using repository definitions with OCI variables JIRA: OLDIS-38657 - Update repositories to contain OCI variables - Remove image types...
Improper Neutralization
Apache HTTP Server is vulnerable to Improper Neutralization. The vulnerability is due to environment variables set via Apache configuration improperly overriding server-calculated CGI variables, which allows an attacker to influence CGI execution by injecting or manipulating control sequences...
ROS-20260205-73-0011
A vulnerability in the btrfsprelimref function of the include/trace/events/btrfs.h module of the Linux kernel is related to pointer dereferencing resulting from calls to old and new variables in the wrong order. Exploitation of the vulnerability could allow an attacker to cause a denial of servic...
CVE-2026-24844 melange pipeline working-directory could allow command injection
melange allows users to build apk packages using declarative pipelines. From version 0.3.0 to before 0.40.3, an attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses ${{vars.*}} or ${{inputs.*}} substitutions in...