87 matches found
@0l00000l/auth (>=1.0.0 <=1.0.8), @0xchain/telemetry (>=1.1.0-beta.8 <=1.1.0-beta.18) +990 more potentially affected by CVE-2026-44291 via protobufjs (>=8.0.0 <=8.0.1)
protobufjs NPM version =8.0.0, =1.0.0, =1.1.0-beta.8, =0.8.0, =1.0.0, =1.1.4, =2.1.4, =0.3.1, =0.3.1, =0.7.1, =0.9.0 - @access-mcp/software-discovery =0.8.0 and more Source cves: CVE-2026-44291 Source advisory: SNYK:JS-PROTOBUFJS-16643304...
NPM: protobuf.js: Denial of service through unbounded protobuf recursion
NPM: protobuf.js: Denial of service through unbounded protobuf recursion vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.5.5...
Astra Linux - vulnerability in redis
Redis is an open-source, in-memory database that persists data on disk. In versions starting from 7.0.0 up to before 8.0.2, there was a stack-based buffer overflow vulnerability in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-siz...
CVE-2026-41242 protobufjs has an arbitrary code execution issue
protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the...
UBUNTU-CVE-2026-30999
A heap buffer overflow in the av_bprint_finalize function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input...
PT-2026-32370
A heap buffer overflow in the av_bprint_finalize function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input...
CVE-2026-34475
Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass...
CVE-2025-60949 Census CSWeb leaked configuration files
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha...
CVE-2025-60947 Census CSWeb arbitrary file upload
Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a malicious file, possibly leading to remote code execution. Fixed in 8.1.0 alpha...
CVE-2025-60946 Census CSWeb path traversal
Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated attacker could access unintended file directories. Fixed in 8.1.0 alpha...
CVE-2025-60946
Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated attacker could access unintended file directories. Fixed in 8.1.0 alpha...
CSPro Users CSWeb security vulnerability
CSPro Users CSWeb is a web application developed by CSPro Users Inc. It allows users to securely transfer cases or files between client devices and web servers. Version 8.0.1 of CSPro Users CSWeb contains a security vulnerability that stems from allowing arbitrary file path inputs. This...
CVE-2025-69693
Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantization parameter (qp) validation at line 2267 only checks the lower bound (qp < 0) but is missing upper bound validation. The qp value can reach 65 (base value 63 from 6-bit frame header + offset +2 from...
Integer Overflow or Wraparound
Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the yuv2ya16_X_c_template function within libswscale/output.c. An attacker can cause the application to crash or become unresponsive by providing specially crafted input that triggers an integer overflow...
EUVD-2021-0713
Malware in sbrugna...
EUVD-2019-4018
Malware in sbrugna...
CVE-2025-59148
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 8.0.0 and below incorrectly handle the entropy keyword when not anchored to a "sticky" buffer, which can lead to a segmentation fault. This issue is fixed ...
UBUNTU-CVE-2025-59148
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 8.0.0 and below incorrectly handle the entropy keyword when not anchored to a "sticky" buffer, which can lead to a segmentation fault. This issue is fixed ...