Malicious code in @the-coca-cola-company/ngps-global-common-utils (npm)

Malicious post-install script combined with low project popularity indicates potential malware. Arbitrary code execution is a major concern. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ebe31c5bb51c354ed83627a02c11ca4c8541e042623b1b987255941ffafdaff The...

MAL-2026-2410 Malicious code in @the-coca-cola-company/ngps-global-common-utils (npm)

Malicious post-install script combined with low project popularity indicates potential malware. Arbitrary code execution is a major concern. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ebe31c5bb51c354ed83627a02c11ca4c8541e042623b1b987255941ffafdaff The...

CVE-2025-41660

The CVE-2025-41660 entry concerns CODESYS Control runtime system. According to sources, a low-privileged remote attacker may replace the boot application, enabling unauthorized code execution on the target. This is characterized as a network-accessible issue with low attack complexity and privile...

CVE-2026-4745 Arbitrary Code Execution via Crafted Bytecode in dendibakh/perf-ninja

Improper Control of Generation of Code 'Code Injection' vulnerability in dendibakh perf-ninja labs/misc/pgo/lua modules. This vulnerability is associated with program files ldo.C. This issue affects perf-ninja...

CVE-2026-4745 Arbitrary Code Execution via Crafted Bytecode in dendibakh/perf-ninja

Improper Control of Generation of Code 'Code Injection' vulnerability in dendibakh perf-ninja labs/misc/pgo/lua modules. This vulnerability is associated with program files ldo.C. This issue affects perf-ninja...

CVE-2026-4745

CVE-2026-4745 is an Arbitrary Code Execution in dendibakh perf-ninja (labs/misc/pgo/lua modules) linked to the vulnerable program file ldo.C. The issue arises from improper generation of code (Code Injection) in perf-ninja, affecting the Lua-related components. The CVSS 4.0 base score is 10.0 (CR...

CVE-2026-4744 Notepad3 Bundled Oniguruma compile_string_node() Heap Buffer Overflow via Crafted Regex Pattern Allows Arbitrary Code Execution

Out-of-bounds Read vulnerability in rizonesoft Notepad3 ‎scintilla/oniguruma/src modules. This vulnerability is associated with program files regcomp.C‎. This issue affects Notepad3: before 6.25.714.1...

FlexHEX 代码问题漏洞

FlexHEX is an open-source hexadecimal data editor developed by FlexHEX. Version 2.71 of FlexHEX contains a code vulnerability caused by a local buffer overflow in the Stream Name field. This vulnerability could allow local attackers to execute arbitrary code by triggering the structured exception...

FreeIPMI 安全漏洞

FreeIPMI is an open-source server remote management toolset provided by FreeIPMI, which offers features for managing and monitoring IPMI interfaces. Versions of FreeIPMI prior to 1.16.17 contained security vulnerabilities. These vulnerabilities stemmed from buffer overflows in the ipmi-oem client...

Vikunja 代码注入漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja from 0.21.0 to 2.2.0 contained a code injection vulnerability. This vulnerability occurred because the Vikunja Desktop Electron wrapper enabled nodeIntegration in the main BrowserWindow without any...

Insyde BIOS SMM Memory Corruption Security Update

A potential security vulnerability has been identified in certain HP PC products using Insyde BIOS InsydeH20 UEFI Firmware, which might allow arbitrary code execution. Insyde has released mitigation for the potential vulnerability. HP has identified affected platforms and corresponding SoftPaqs...

KLA90958 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, bypass security restrictions, cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of...

PT-2026-27444

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place a link in...

KLA90957 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, bypass security restrictions, cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevati...

KLA90955 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, bypass security restrictions, cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of...

Moderate: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' option processing CVE-2026-25749 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

Mozilla多款产品 资源管理错误漏洞

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A resource management error vulnerability exists in multiple Mozilla...

Mozilla多款产品 安全漏洞

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A memory misreference vulnerability exists in multiple Mozilla products,...

Mozilla多款产品 安全漏洞

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An integer overflow vulnerability exists in multiple Mozilla products,...

Mozilla多款产品 安全漏洞

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products, whic...