MAL-2026-775 Malicious code in ac-array (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71f97348d3034afc8a89167b165172d331574fdeffd79f9392a282ff5732635f The package ac-array was found to contain malicious code...
OpenSTAManager SQL Injection Vulnerability
OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager prior to v2.9.8 contained a SQL injection vulnerability. This vulnerability stemmed from insufficient validation of the idrecords array in the batch operation...
PT-2026-6774
Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions 2.9.8 and earlier. Description: OpenSTAManager contains a critical Error-Based SQL Injection issue within the Scadenzario Payment Schedule module’s bulk operations handler. The application does not properly validate that...
nodejs: Nodejs uninitialized memory exposure
A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other...
Security Bulletin: Reliability Strategies was using vulnerable library
Summary: Reliability Strategies was using the vulnerable library qs-6.13.0, which is vulnerable to CVE-2025-15284. Vulnerability Details: CVEID: CVE-2025-15284. DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS. This issue affects qs: 6.14.1. Summary: The arrayLimit...
php security update
An update is available for php. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP...
RockyLinux 10 : php (RLSA-2026:1628)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:1628 advisory. php: heap-based buffer overflow in array_merge (CVE-2025-14178); php: PHP: Information disclosure via getimagesize function when reading multi-chunk images...
Amazon Linux 2 : rsync, --advisory ALAS2-2026-3157 (ALAS-2026-3157)
The version of rsync installed on the remote host is prior to 3.1.2-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3157 advisory. A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a...
CVE-2026-25240
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains when role filters are provided as an array and interpolated into an IN ... clause. This issue has been patched in version 1.33.0...
EUVD-2025-206802
In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe. The "index" variable is used as an index into the usbphyc->phys[] array, which has usbphyc->nphys elements. So if it is equal to usbphyc->nphys then it is one element out of bounds. The "index...
UBUNTU-CVE-2026-25240
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains when role filters are provided as an array and interpolated into an IN ... clause. This issue has been patched in version 1.33.0...
Security update for php8
This update for php8 fixes the following issues: CVE-2025-14178: heap buffer overflow occurs in array_merge when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE (bsc#1255711). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods lik...
SUSE-SU-2026:0370-1 Security update for php8
This update for php8 fixes the following issues: - CVE-2025-14178: heap buffer overflow occurs in array_merge when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE (bsc#1255711)...
Malicious Package
Overview: aligned-array is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-670 Malicious code in aligned-array (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2e1b553bdbf785a336d224d5d3594c204455937469510cdbc423519287b2360 The package aligned-array was found to contain malicious code. Source: ghsa-malware ea83ead9b32cbe9a0c64af15ea5b84c39dad6ba94e7688ec712ceb8d1b2e8185...
Malicious code in aligned-array (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2e1b553bdbf785a336d224d5d3594c204455937469510cdbc423519287b2360 The package aligned-array was found to contain malicious code. Source: ghsa-malware ea83ead9b32cbe9a0c64af15ea5b84c39dad6ba94e7688ec712ceb8d1b2e8185...
Apple Safari JavaScriptCore FTL New Array Materialization Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the n...
kernel: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
A vulnerability was found in the Linux kernel's infiniband hfi1 driver. This issue is caused by the incorrect handling of SDMA descriptors, which can lead to an array overflow and potential memory corruption or crashes...