Lucene search
K

7111 matches found

OSV
OSV
added 2026/05/03 12:35 p.m.7 views

MAL-2026-3304 Malicious code in apcyber-test-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4386e2b20fb74fe5b131a23550b9550b4539a3f79056ea8ad08f502453409737 The package apcyber-test-package was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/03 12:19 p.m.11 views

Malicious code in @allyfinancial/allyfinancial-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 274ff2ac2c7d1051fa268e63d390bb70d6b731bcdaebb94f87251067b62d37af The package @allyfinancial/allyfinancial-api was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/03 12:19 p.m.8 views

MAL-2026-3302 Malicious code in ally-starter-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac9875cbfe312bac49b96d321664e13d98ff6214d38db1d0b3339500a83204cc The package ally-starter-api was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/03 12:19 p.m.11 views

Malicious code in ally-forms (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a3b62d3c11f608087ea0651eb467ec7e0c9e43258abb6df889f64c8d1a6eb61 The package ally-forms was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/03 12:19 p.m.7 views

MAL-2026-3300 Malicious code in ally-forms (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a3b62d3c11f608087ea0651eb467ec7e0c9e43258abb6df889f64c8d1a6eb61 The package ally-forms was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/03 9:56 a.m.9 views

OESA-2026-2146 gstreamer1-plugins-good security update

Security Fixes: An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gstwavparseadtlchunk function. The patch added a size validation check lsize + 8 size, but it does not account for the GSTROUNDUP2lsize used in the actual offset calculation. When lsize is an odd number, the pars...

7.5CVSS7.3AI score0.00225EPSS
Exploits0References2
RustSec
RustSec
added 2026/05/02 12:0 p.m.12 views

Null-pointer dereference and double-free via safe APIs

Two soundness violations exist in the Rust bindings for MetaCall: Null-pointer dereference: MetaCallFuture::newraw accepts a raw pointer without validation. The Debug impl calls Box::fromrawself.data on it. Passing a null pointer causes the Debug impl to construct a NonNull from null, producing...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/05/02 12:0 p.m.12 views

Invalid pointer arithmetic in `iter()` and `iter_mut()`

The iter and itermut APIs compute current = &children0 as const const RawAutoChild.sub1, which performs pointer subtraction going before the start of the allocation. This is undefined behavior per Rust's pointer arithmetic rules. This can be triggered through safe public APIs — iter and itermut —...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/02 12:0 p.m.7 views

RUSTSEC-2026-0133 Invalid pointer arithmetic in `iter()` and `iter_mut()`

The iter and itermut APIs compute current = &children0 as const const RawAutoChild.sub1, which performs pointer subtraction going before the start of the allocation. This is undefined behavior per Rust's pointer arithmetic rules. This can be triggered through safe public APIs — iter and itermut —...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/05/02 12:0 p.m.10 views

RUSTSEC-2026-0123 Out-of-bounds read in `bytes_helper` public safe functions

The byteshelper module contains multiple public functions intoarr4, intoarr2, u8fromlebytes that use slice.getuncheckedpos..pos + N without verifying that pos + N = slice.len. These are public safe API functions, allowing any caller to trigger undefined behavior by passing invalid positions. For...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/05/02 9:37 a.m.5 views

MAL-2026-3234 Malicious code in apexpro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80f8783908329ceda250d21f3d9d39a117f80f8ca55c400c72065449d2a0bc1c The package apexpro was found to contain malicious code. Source: ghsa-malware fb2932c368cbb684114a08865c171d8af11aa8af3738e7d156f5692beccd48d5 Any...

5.8AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/01 6:16 p.m.7 views

CVE-2026-35233

An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range shlink field. When root-level dtrace attaches to -- or instruments -- that process via dtrace -p , pid probes, or USDT, the ELF parser reads heap memory beyond the allocated section cach...

4.4CVSS5.8AI score0.00108EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/01 5:30 p.m.5 views

CVE-2026-43030

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. A logic error in the regsafe function, specifically when handling pointers to packets, could lead to an incorrect state where valid packet ranges are not properly explored. This vulnerability may allow an attacker to...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References4
NVD
NVD
added 2026/05/01 3:16 p.m.6 views

CVE-2026-43048

In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset The memset in hidreportrawevent has the good intention of clearing out bogus data by zeroing the area from the end of the incoming data string to the assumed end of the...

8.8CVSS0.00241EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.8 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to deny immediate NFQUEUE verdicts in netfilter nftables, which could lead to undefined behavior...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.9 views

PT-2026-36370

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the iommupt component where the unmap process may unmap more than requested if the ending point falls within a large or contiguous Input/Output Page Table Entry IOPTE...

8.8CVSS5.8AI score0.0012EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.10 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unchecked index mapping error in the ALSA ctxfi driver, which could lead to undefined behavior...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.7 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to ensure that names end with a null character in netfilter xtables, which could lead to undefined...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/04/30 2:2 p.m.8 views

Apache Tomcat: Apache Tomcat: Improper Input Validation vulnerability due to incomplete fix

A flaw was found in Apache Tomcat. This improper input validation vulnerability stems from an incomplete fix for a previous security issue CVE-2025-66614. This flaw may allow an attacker to bypass security controls or cause unexpected behavior within the application...

9.1CVSS6.8AI score0.00307EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/30 8:26 a.m.6 views

Malicious code in apple-internal-security-audit-v99 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85c1a320034eadbc47dbe12b147164f4b003babca198b527d6b725a9f891f188 The package apple-internal-security-audit-v99 was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
Rows per page
Query Builder