264 matches found
EUVD-2025-199211
Malicious code in get-them-args npm...
Malicious code in get-them-args (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1885f72a03b5b12ad9795b819da4d8cbd92b5985848b3f9a057afd389de5a8f8 The package get-them-args was found to contain malicious code. Source: ghsa-malware d70e3f04273d02fdaa9555197354a75aba13abe81a22763a353d47db93ce9b32...
MAL-2025-191103 Malicious code in get-them-args (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1885f72a03b5b12ad9795b819da4d8cbd92b5985848b3f9a057afd389de5a8f8 The package get-them-args was found to contain malicious code. Source: ghsa-malware d70e3f04273d02fdaa9555197354a75aba13abe81a22763a353d47db93ce9b32...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989207)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989207 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent underflow in nfssvcdecodewriteargs Smatch complains: fs/nfsd/nfsxdr.c:341...
CVE-2025-40036
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix possible map leak in fastrpcputargs copytouser failure would cause an early return without cleaning up the fdlist, which has been updated by the DSP. This could lead to map leak. Fix this by redirecting to a...
CVE-2025-40036 misc: fastrpc: fix possible map leak in fastrpc_put_args
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix possible map leak in fastrpcputargs copytouser failure would cause an early return without cleaning up the fdlist, which has been updated by the DSP. This could lead to map leak. Fix this by redirecting to a...
CVE-2025-40036
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix possible map leak in fastrpcputargs copytouser failure would cause an early return without cleaning up the fdlist, which has been updated by the DSP. This could lead to map leak. Fix this by redirecting to a...
EUVD-2025-36492
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix possible map leak in fastrpcputargs copytouser failure would cause an early return without cleaning up the fdlist, which has been updated by the DSP. This could lead to map leak. Fix this by redirecting to a...
CVE-2025-10547
An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption...
EUVD-2016-3423
Malware in sbrugna...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986686)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986686 advisory. In the Linux kernel, the following vulnerability has been resolved: net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic83xxaddrings In qlcnic83xxaddrings,...
EUVD-2025-4966
Malicious code in bioql PyPI...
EUVD-2025-28936
Malicious code in bioql PyPI...
EUVD-2022-4566
Malicious code in bioql PyPI...
EUVD-2025-28842
Malicious code in bioql PyPI...
j178/prek-action vulnerable to arbitrary code injection in composite action
Summary There are three potential attacks of arbitrary code injection vulnerability in the composite action at action.yml. Details The GitHub Action variables inputs.prek-version, inputs.extraargs, and inputs.extra-args can be used to execute arbitrary code in the context of the action. PoC yaml ...
GHSA-PWF7-47C3-MFHX j178/prek-action vulnerable to arbitrary code injection in composite action
Summary There are three potential attacks of arbitrary code injection vulnerability in the composite action at action.yml. Details The GitHub Action variables inputs.prek-version, inputs.extraargs, and inputs.extra-args can be used to execute arbitrary code in the context of the action. PoC yaml ...
CVE-2025-59844
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows...
CVE-2025-59844 Argument injection vulnerability in SonarQube Scan Action
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows...
CVE-2025-59844 Argument injection vulnerability in SonarQube Scan Action
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows...