📄 OSK Privilege Escalation

This PowerShell script acts as a wrapper/launcher for a compiled Windows exploit binary targeting the OSK On-Screen Keyboard privilege escalation vulnerability. ================================================================================================================================== | Tit...

GHSA-R35X-V8P8-XVHW pyp2spec is Vulnerable to Code Injection

Impact pyp2spec was writing PyPI package metadata e.g. the summary field into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, so a malicious package can execute arbitrary commands on the build machine. The macro...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contained security vulnerabilities. These vulnerabilities stemmed from the absence of blacklist entries for environment variables such as HGRCPATH, CARGOBUILDRUSTCWRAPPER,...

com.github.mcollovati:quarkus-hilla-commons-deployment (=25.0.0-beta1), com.github.mcollovati:quarkus-hilla-deployment (=25.0.0-beta1) +22 more potentially affected by CVE-2026-2741 via com.vaadin:flow-build-tools (>=25.0.0-rc1 <=25.0.2)

com.vaadin:flow-build-tools MAVEN version =25.0.0-rc1, =25.0.0, =25.0.0, =4.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.9, =25.0.12 and more Source cves: CVE-2026-2741 Source advisory: SNYK:JAVA-COMVAADIN-15518324...

DEBIAN-CVE-2026-27903

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...

UBUNTU-CVE-2026-27903

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...

CVE-2026-27903 minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...

PT-2026-22078

Name of the Vulnerable Software and Affected Versions minimatch versions prior to 3.1.3 minimatch versions 3.1.3 through 4.2.5 minimatch versions 4.2.5 through 5.1.8 minimatch versions 5.1.8 through 6.2.2 minimatch versions 6.2.2 through 7.4.8 minimatch versions 7.4.8 through 8.0.6 minimatch...

MAL-2026-342 Malicious code in ofjaaah-build-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0f994ed6a23b4449a3ab09537485788c488a90e26c56c52d309b4704d8d2da9 The package ofjaaah-build-tools was found to contain malicious code. Source: ghsa-malware...

Malicious code in ofjaaah-build-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0f994ed6a23b4449a3ab09537485788c488a90e26c56c52d309b4704d8d2da9 The package ofjaaah-build-tools was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-3265

Malicious code in ofjaaah-build-tools npm...

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization of Groovy code provided by delegated administrators. A privileged attacker can execute arbitrary code remotely by providing malicious Groovy implementations that are loaded and executed by the...

EUVD-2018-0741

Malware in sbrugna...

MAL-2025-23948 Malicious code in jsii-build-tools (npm)

The package jsii-build-tools was found to contain malicious code...

Malicious code in jsii-build-tools (npm)

The package jsii-build-tools was found to contain malicious code...

BIT-DOTNET-SDK-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network...

ROS-20250619-03

A vulnerability in the Microsoft Visual Studio software development tool, the Microsoft.NET software platform, and the Build Tools for Visual Studio toolkit is associated with an incorrect external external vulnerability. Microsoft.NET and Build Tools for Visual Studio toolkit is related to...

CVE-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability

...

CVE-2025-26646

The CVE-2025-26646 entry relates to External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio, enabling spoofing over a network. Connected sources specify affected stack as .NET/Visual Studio tooling and provide concrete patch lines: for .NET 8.0, mitigations...

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Circumvention of a security measure - Execution of arbitrary code user privileges - Access to sensitive dat...