31207 matches found
EUVD-2025-206378
The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This violates the principle of least privilege. If an attacker is able to execute code on the system via other vulnerabilities, it is possible to directly execute commands...
pnpm code issues and vulnerabilities
pnpm is a package manager developed by the open-source pnpm project. Versions of pnpm prior to 10.28.1 are affected by path traversal in the binary extractor, which could allow malicious packages to write files outside of the...
pnpm security vulnerabilities
pnpm is a package manager developed by the open-source pnpm project. Versions of pnpm prior to 10.28.1 are affected by path traversal in binary links, which could allow malicious npm packages to create executable files or symbolic links...
Benchmarking Machine Learning Models for IoT Malware Detection under Data Scarcity and Drift
The rapid expansion of the Internet of Things (IoT) in domains such as smart cities, transportation, and industrial systems has heightened the urgency of addressing their security vulnerabilities. IoT devices often operate under limited computational resources, lack robust physical safeguards, and...
Linux Kernel Integer Overflow Vulnerability
Linux Kernel contains an integer overflow vulnerability in the create_elf_tables function which could allow an unprivileged local user with access to SUID or otherwise privileged binary to escalate their privileges on the system...
CVE-2026-24404 iccDEV has Null Pointer Deference and Undefined Behavior in CIccXmlArrayType()
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable input is unsafely...
Arbitrary Code Execution
binary-parser is vulnerable to Arbitrary Code Execution. The vulnerability is due to unsanitized interpolation of untrusted values into dynamically generated code, where attacker-controlled parser field names or encoding parameters are embedded directly into generated JavaScript, allowing arbitra...
GPT Academic Code Issues and Vulnerabilities
GPT Academic is an interface developed by binary-husky developers, designed to provide practical interactions for large language models like GPT/GLM. There are code vulnerabilities in GPT Academic; these vulnerabilities stem from the run_in_subprocess_wrapper_func function, which lacks validation of...
Azure Linux 3.0 Security Update: kernel (CVE-2024-44977)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-44977 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Validate TA binary size Add ...
Azure Linux 3.0 Security Update: python-tensorboard (CVE-2022-3171)
The version of python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3171 advisory. - A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3,...
MAL-2026-444 Malicious code in terminalbrush (PyPI)
Source: kam193 35e06fb41f9c1a4f082cf49a72dec89fc5b4d2f6580b97e527d291d50807b801 Package downloads an executable, places it distinguished as a Python binary and starts it. At the time of analysis, the URL was no longer active, so it was not...
CVE-2026-1245
A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...
CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript. The vulnerability, tracked as CVE-2026-1245 (CVSS score: 6.5), affects all versions of the module prior to version 2.3.0, whic...
PT-2026-3805
Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and gain elevated syste...
2jcie-ble-decode (>=0.0.1 <=0.1.0), @agc93/pak-reader (>=0.0.1 <=0.0.3) +161 more potentially affected by CVE-2026-1245 via binary-parser (>=1.1.5 <=2.2.1)
binary-parser NPM version =1.1.5, =0.0.1, =0.0.1, =0.38.0, =0.38.0, =0.38.0, =0.30.0-beta.1, =0.38.0, =0.38.0, =0.38.0, =0.0.1, =1.0.0, =0.4.41, =0.5.2 - @emergencyx/e4p =1.1.1 - @eschoellhorn/deadlights =0.6.0 and more Source cves: CVE-2026-1245 Source advisory: OSV:GHSA-M39P-34QH-RH3W...
binary-parser library has a code injection vulnerability
A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...
GHSA-M39P-34QH-RH3W binary-parser library has a code injection vulnerability
A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...
@alephium/cli (>=0.38.0 <=0.45.0), @alephium/get-extension-wallet (>=0.38.0 <=0.45.0) +19 more potentially affected by CVE-2026-1245 via binary-parser (>=2.0.3 <=2.2.1)
binary-parser NPM version =2.0.3, =0.38.0, =0.38.0, =0.38.0, =0.30.0-beta.1, =0.38.0, =0.38.0, =0.38.0, =0.22.0, =0.0.2, =1.4.1, =0.8.0, =1.13.0, =1.0.0, =2.1.1 and more Source cves: CVE-2026-1245 Source advisory: SNYK:JS-BINARYPARSER-15046328...
Arbitrary Code Injection
Overview: binary-parser is a blazing-fast binary parser builder. Affected versions of this package are vulnerable to Arbitrary Code Injection via malicious field names. An attacker can execute arbitrary JavaScript code by supplying untrusted values in the field names or encoding parameters, which a...