71 matches found

GithubExploit
added 2026/05/06 6:12 a.m., 55 views

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Packagekit_Project Packagekit

CVE-2026-41651 — Pack2TheRoot Analysis PackageKit Local P...

8.8 CVSS, 5.8 AI score, 0.00153 EPSS
Exploits: 10

RedhatCVE
added 2026/01/09 10:19 a.m., 3 views

CVE-2019-18932

log.c in Squid Analysis Report Generator sarg through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and...

7 CVSS, 6.6 AI score, 0.0004 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2008-7207

Malware in sbrugna...

4.3 CVSS, 6.2 AI score, 0.00322 EPSS
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-8605

Malware in sbrugna...

7 CVSS, 6.6 AI score, 0.0004 EPSS
Exploits: 0, References: 10

EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2020-17383

Malware in sbrugna...

5.4 CVSS, 5.5 AI score, 0.00203 EPSS
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-1177

Malware in sbrugna...

4.3 CVSS, 6.1 AI score, 0.00792 EPSS
Exploits: 0, References: 11

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2008-7206

Malware in sbrugna...

9.3 CVSS, 6.2 AI score, 0.03527 EPSS
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-28866

Malware in sbrugna...

7.7 CVSS, 7.6 AI score, 0.00405 EPSS
Exploits: 0, References: 2

OSV
added 2025/09/10 7:15 p.m., 1 views

MAL-2025-46998 Malicious code in tdm-shared-core-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f40d5eac324a286d10c565745ab72ab39f4b9ffa1fc95fc0bbf40101f44a6955 The OpenSSF Package Analysis project identified 'tdm-shared-core-library' @ 99.0.3 npm as malicious. It is considered malicious because: - The...

6.9 AI score
Exploits: 0

OSV
added 2025/08/21 7:3 p.m., 1 views

MAL-2025-41275 Malicious code in tanstack-virtual-core (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b38d98c47aceac75b944aff9d0df30a563d89aaa076329820aa58b119e010448 The OpenSSF Package Analysis project identified 'tanstack-virtual-cor...

7.1 AI score
Exploits: 0

CISA
added 2025/08/06 12:0 p.m., 8 views

CISA Releases Malware Analysis Report Associated with Microsoft SharePoint Vulnerabilities

CISA published a Malware Analysis Report MAR with analysis and associated detection signatures on files related to Microsoft SharePoint vulnerabilities: CVE-2025-49704 (CWE-94: Code Injection), CVE-2025-49706 (CWE-287: Improper Authentication)...

9.8 CVSS, 7.7 AI score, 0.88536 EPSS
In wild, Exploits: 41, References: 14

RedhatCVE
added 2025/05/21 7:55 p.m., 6 views

CVE-2008-7250

Cross-site scripting XSS vulnerability in Squid Analysis Report Generator Sarg 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists...

4.3 CVSS, 5.8 AI score, 0.00792 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/02/26 1:54 a.m., 13 views

CVE-2021-47654 samples/landlock: Fix path_list memory leak

In the Linux kernel, the following vulnerability has been resolved: samples/landlock: Fix path_list memory leak. Clang static analysis reports this error: sandboxer.c:134:8: warning: Potential leak of memory pointed to by 'path_list' ret = 0; ^ path_list is allocated in parse_path but never freed...

0.00016 EPSS
Exploits: 0, References: 4

OSSF Malicious Packages
added 2024/12/09 11:8 p.m., 2 views

Malicious code in passport-openpass-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0761835d95103228401a69c1b951451a6a5698da0f7edec16514d5072d6b6051 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8 AI score
Exploits: 0, References: 1

Circl
added 2024/09/10 5:25 p.m., 8 views

CVE-2024-38234

creationtimestamp | type | source
---|---|---
2024-09-10 17:25:32+00:00 | seen | https://www.thezdi.com/blog/2024/9/10/the-september-2024-security-update-review...

6.5 CVSS, 6.7 AI score, 0.00381 EPSS
Exploits: 0, References: 1

CISA
added 2023/08/31 12:0 p.m., 4 views

CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware

Today, the United Kingdom’s National Cyber Security Centre NCSC-UK, the United States’ Cybersecurity and Infrastructure Security Agency CISA, National Security Agency NSA, and Federal Bureau of Investigation FBI, New Zealand’s National Cyber Security Centre NCSC-NZ, the Canadian Centre for Cyber...

6.7 AI score
Exploits: 0, References: 5

CISA
added 2022/11/10 12:0 a.m., 12 views

CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite

CISA and the Multi-State Information Sharing & Analysis Center MS-ISAC have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to include an additional Malwar...

1.3 AI score
Exploits: 0, References: 2

CISA
added 2021/05/14 12:0 a.m., 35 views

CISA Publishes Eviction Guidance for Networks Affected by SolarWinds and AD/M365 Compromise

CISA has released an analysis report, AR21-134A Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise. The report provides detailed steps for affected organizations to evict the adversary from compromised on-premises and cloud environments. Additionally,...

6.8 AI score
Exploits: 0, References: 8

CNVD
added 2021/02/01 12:0 a.m., 8 views

Hitachi Vantara Pentaho DOM-Type Cross-Site Scripting Vulnerability

Pentaho is a Business Intelligence BI software that provides data integration, OLAP services, reporting, information dashboards, data mining, and Extract, Transform, Load ETL capabilities. A DOM-type cross-site scripting vulnerability exists in Hitachi Vantara Pentaho in the Analysis Report...

5.4 CVSS, 6.3 AI score, 0.00203 EPSS
Exploits: 0, References: 1

CNVD
added 2021/02/01 12:0 a.m., 7 views

Hitachi Vantara Pentaho Cross-Site Scripting Vulnerability (CNVD-2021-17715)

Pentaho is a Business Intelligence BI software that provides data integration, OLAP services, reporting, information dashboards, data mining, and Extract, Transform, Load ETL capabilities. A stored cross-site scripting vulnerability exists in the Display Name parameter of the Analysis Report in...

5.4 CVSS, 6.1 AI score, 0.00203 EPSS
Exploits: 0, References: 1