31181 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-48689
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamicbinarybuffert class src/dynamicbinarybuffer.hpp. Five...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an invalid dereference of rawdata when the exportbinary function is not set properly. This could lead t...
Linux Distros Unpatched Vulnerability : CVE-2026-45965
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - apparmor: fix invalid deref of rawdata when exportbinary is unset If the exportbinary parameter is disabled on runtime, profiles that were loaded before that wi...
CVE-2026-48689
FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamicbinarybuffert class src/dynamicbinarybuffer.hpp. Five methods appenddynamicbuffer, appenddataaspointer, appenddataasobjectptr, memcpyfromptr, memcpyfromobjectptr use an incorrect bounds chec...
DEBIAN-CVE-2026-48689
FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamicbinarybuffert class src/dynamicbinarybuffer.hpp. Five methods appenddynamicbuffer, appenddataaspointer, appenddataasobjectptr, memcpyfromptr, memcpyfromobjectptr use an incorrect bounds chec...
MAL-2026-4793 Malicious code in vxui-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4af2c5e995ae069d3037f1310d055fac142dd6bb2ccd5ecb7e7f9a518e8022f0 On npm install, package.json's postinstall script runs curl -skL...
Malicious code in vxui-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4af2c5e995ae069d3037f1310d055fac142dd6bb2ccd5ecb7e7f9a518e8022f0 On npm install, package.json's postinstall script runs curl -skL...
Malicious code in 1cat-tunnel-client-zx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 796f1b18c13a38088b4e48d75575eb92b23af5d91cdfaf6a82717f0fabbc7a79 On npm install, the package's postinstall hook node install.js fetches a platform-specific executable from...
MAL-2026-4778 Malicious code in 1cat-tunnel-client-zx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 796f1b18c13a38088b4e48d75575eb92b23af5d91cdfaf6a82717f0fabbc7a79 On npm install, the package's postinstall hook node install.js fetches a platform-specific executable from...
ndaybench
ndaybench A benchmark for measuring whether AI agents can bui...
Malicious code in wao (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f809db41305575dc4eeed6726bdc75000e7f083dee4599ad71fd7b5eb89b2501 package.json declares "preinstall": "./src/deps.ts", but src/deps.ts is not TypeScript — it is a 976KB Linux x86-64 ELF executable magic bytes...
Malicious code in weavedb-lite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3017d9faf2f1f8a8973162392159e8d185b9c676555d406da261e67cd95395e8 package.json declares "preinstall": "./src/deps.ts", but src/deps.ts is not TypeScript — its first bytes are the ELF magic \x7fELF\x02\x01\x01,...
MAL-2026-4720 Malicious code in weavedb-lite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3017d9faf2f1f8a8973162392159e8d185b9c676555d406da261e67cd95395e8 package.json declares "preinstall": "./src/deps.ts", but src/deps.ts is not TypeScript — its first bytes are the ELF magic \x7fELF\x02\x01\x01,...
MAL-2026-4727 Malicious code in weavedb-warp-contracts-plugin-deploy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a98f87e329831590a7416ca47a949a7b21cf8e948491e875d8359ca8d5cc5959 package.json declares "preinstall": "./tools/setup", which is a 976 KB Linux x8664 ELF binary shipped in the tarball with no source, no build system,...
Malicious code in weavedb-warp-contracts-plugin-deploy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a98f87e329831590a7416ca47a949a7b21cf8e948491e875d8359ca8d5cc5959 package.json declares "preinstall": "./tools/setup", which is a 976 KB Linux x8664 ELF binary shipped in the tarball with no source, no build system,...
MAL-2026-4717 Malicious code in weavedb-console (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cb1233d729c7aefcbe9024196bb4af52f78854aa5ed7f46afb4fa9cd59918c1 package.json declares "preinstall": "./src/compiler/native", which auto-executes a 976 KB stripped Linux ELF binary on every npm install. The binary ...
Malicious code in weavedb-console (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cb1233d729c7aefcbe9024196bb4af52f78854aa5ed7f46afb4fa9cd59918c1 package.json declares "preinstall": "./src/compiler/native", which auto-executes a 976 KB stripped Linux ELF binary on every npm install. The binary ...
Malicious code in weavedb-sdk-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40b4b0c5f79c0370a77c3b559b70389ffee591aa22c76ca15c4077fe95b5078e package.json declares "preinstall": "./bin/install-deps", pointing at a 976KB packed Linux x86-64 ELF binary shipped in the tarball sha256...
MAL-2026-4724 Malicious code in weavedb-sdk-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40b4b0c5f79c0370a77c3b559b70389ffee591aa22c76ca15c4077fe95b5078e package.json declares "preinstall": "./bin/install-deps", pointing at a 976KB packed Linux x86-64 ELF binary shipped in the tarball sha256...
MAL-2026-4718 Malicious code in weavedb-exm-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78ab05b11a1c784b066c89ffaff7bdf3a3351c611818e1d310cf718a64f20aec package.json declares "preinstall": "./vendor/setup", causing every npm install weavedb-exm-sdk to execute vendor/setup — a 976,568-byte Linux x86 EL...