520635 matches found
Exploit for CVE-2026-10795
CVE-2026-10795 CVE-2026-10795 – UpdraftPlus Authentication Byp...
CVE-2026-11850 Krb5: krb5: integer underflow in berval2tl_data() leads to heap out-of-bounds read
An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...
EUVD-2026-36219
An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...
CVE-2026-11850 Krb5: krb5: integer underflow in berval2tl_data() leads to heap out-of-bounds read
An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...
CVE-2026-11850
CVE-2026-11850 affects MIT Kerberos 5; the vulnerability is an integer underflow in berval2tl_data() inside ldap_principal2.c, where unsigned bv_len - 2 lacks bounds checking. When bv_len is 0 or 1, the subtraction underflows to 0xFFFE/0xFFFF and is then memcpy’d from a 0–1 byte buffer, causing a...
CVE-2026-11850
An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...
CVE-2026-11850
An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...
MAL-2026-5636 Malicious code in swagger-express-routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 342bf1e361c6684c276c1afc618d78d82268e93898daddaef74873a49c6111b2 On require'swagger-express-routes', the package's main entry transitively loads src/utils/lib.min.js through src/connector/index.js line 1:...
Malicious code in swagger-express-routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 342bf1e361c6684c276c1afc618d78d82268e93898daddaef74873a49c6111b2 On require'swagger-express-routes', the package's main entry transitively loads src/utils/lib.min.js through src/connector/index.js line 1:...
Malicious code in react-photo-views (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0a47353c6255d7edb625c7ea890545e106900caeae477f0ebff432ae39c53e5 Package name 'react-photo-views' plural impersonates the popular 'react-photo-view' singular component — README badges, downloads URLs, and...
Malicious code in tw-fluid-type (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c3bc3497d6c683f52210ca201500d27cf9e2bcccd976883be2ed85d17569b54 The package advertises itself as a Tailwind CSS fluid-type plugin but ships src/utils/lib.min.js, which is loaded as a side effect when the package's...
Malicious code in tailwindcss-animotion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 774c1b953da3225f63374a2054512d7715ce872f4a82278fc0954fe3133e7e0b The package's main entry dist/index.cjs, with the same code in src/utils/helper.min.js aliases require to global.r and module to global.m, then...
MAL-2026-5638 Malicious code in tw-fluid-type (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c3bc3497d6c683f52210ca201500d27cf9e2bcccd976883be2ed85d17569b54 The package advertises itself as a Tailwind CSS fluid-type plugin but ships src/utils/lib.min.js, which is loaded as a side effect when the package's...
MAL-2026-5637 Malicious code in tailwindcss-animotion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 774c1b953da3225f63374a2054512d7715ce872f4a82278fc0954fe3133e7e0b The package's main entry dist/index.cjs, with the same code in src/utils/helper.min.js aliases require to global.r and module to global.m, then...
MAL-2026-5634 Malicious code in react-photo-views (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0a47353c6255d7edb625c7ea890545e106900caeae477f0ebff432ae39c53e5 Package name 'react-photo-views' plural impersonates the popular 'react-photo-view' singular component — README badges, downloads URLs, and...
Malicious code in tailwindcss-merge (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37e379cbf2d39f386221b7e0896b9331c7a52dc62a74bee6ded47962a77074b7 Package name tailwindcss-merge is a one-character edit of the popular tailwind-merge utility, and the README documents it as a drop-in import ... fro...
Malicious code in clsx-tailwind (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e1efb9d7593baede89024227d99cc6ca9fc0c86e1f0faf8dd78560174cf1b39 Package advertises a trivial Tailwind class-name merger a 5-line cn helper but its main entry dist/index.js unconditionally requires...
Malicious code in sass-formats (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ccda832d10cb642350129278ae1fc341d3be8b8302ddbf9bdcfc15eeeb6eae8 The package name sass-formats is one character-edit away from the popular sass-formatter package and reuses its original author field "author": "Syle...
MAL-2026-5632 Malicious code in tailwindcss-merge (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37e379cbf2d39f386221b7e0896b9331c7a52dc62a74bee6ded47962a77074b7 Package name tailwindcss-merge is a one-character edit of the popular tailwind-merge utility, and the README documents it as a drop-in import ... fro...
Malicious code in typeorm-encrypt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a56a819a1e640411db5e485054b23282d0d04f847270ea17c605cbfa6e6ab5ac The published tarball contains lib/lib.min.js, a heavily obfuscated file that stashes Node intrinsics on globals global'r'=require; global'm'=module;...