ROOT-OS-DEBIAN-11-CVE-2024-38556 CVE-2024-38556 in rootio-linux - Patched by Root

Root has patched CVE-2024-38556 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

Embedded Malicious Code

Overview @jagreehal/workflow is a Typed async workflows with automatic error inference. Build type-safe workflows with Result types, step caching, resume state, and human-in-the-loop support. Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

Cross-site Scripting (XSS)

Overview vitest is a Next generation testing framework powered by Vite Affected versions of this package are vulnerable to Cross-site Scripting XSS via the otelCarrier query parameter being directly inserted into an inline script without sanitization. An attacker can execute arbitrary JavaScript ...

@aquacloud_ai/aqc-charts (>=0.1.1 <=0.1.3), @arkxos/arkos-system (>=0.1.1 <=0.1.10) +50 more potentially affected by CVE-2026-45249 via echarts (=6.0.0)

echarts NPM version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on echarts and may be impacted: - @aquacloudai/aqc-charts =0.1.1, =0.1.1, =5.1.121, =0.1.1, =1023.48.0, =1023.0.0, =1023.0.0, =1023.0.0, =1023.0.0, =1023.0.0, =1023.0.0, =0.22.0,...

Fedora 42 : nano (2026-fbeaecb457)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fbeaecb457 advisory. fix CVE-2026-6842 and CVE-29026-6843 Resolves: CVE-2026-6842 Resolves: CVE-2026-6843 Resolves: rhbz2455127 Resolves: rhbz2455314 Tenable has extract...

Fedora 43 : lemonldap-ng (2026-38914f4e04)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-38914f4e04 advisory. Update to 2.22.3 https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-22-3-is-out/ Tenable has extracted the preceding description block directly from t...

SUSE: Security Advisory (SUSE-SU-2026:1290-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the user name field. An attacker can execute arbitrary code in the context of any user who passively visits a comment page by injecting malicious scripts. Details Cross-site scripting or XSS is a code...

Linux Distros Unpatched Vulnerability : CVE-2026-31933

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting...

Ubuntu: Security Advisory (USN-8098-8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-6175-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2026-dec8f790f7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

Huawei EulerOS: Security Advisory for python-ldap (EulerOS-SA-2026-1346)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...