250 matches found
UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`
Summary A regular expression denial-of-service ReDoS vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application that calls UAParserheaders.withClientHints, an attacker can cause the parser to spend excessive CPU...
PT-2026-49551
Summary A regular expression denial-of-service ReDoS vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application that calls UAParserheaders.withClientHints, an attacker can cause the parser to spend excessive CPU...
MINI-PQMF-XMM3-8CH9
Bulletin has no description...
CVE-2026-44774
creationtimestamp| type| source ---|---|--- 2026-05-11 15:10:49+00:00| published-proof-of-concept| https://github.com/traefik/traefik/security/advisories/GHSA-96qj-4jj5-wcjc 2026-05-12 23:15:01+00:00| seen| https://bsky.app/profile/dbt3.ch/post/3mlow66ezsf2e...
GHSA-48M6-CH88-55MJ
creationtimestamp| type| source ---|---|--- 2026-04-23 21:26:31+00:00| seen| Telegram/BiTM4VWQdbYmMG43-mv447qo5-YjFbOvUme2BKAYDCNPPw...
CVE-2026-6874
A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...
CVE-2026-6874
A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...
EUVD-2026-23923
A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack...
CVE-2026-6662 ericc-ch copilot-api Token Endpoint server.ts cors cross-domain policy
A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack...
PT-2026-33809
A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack...
Malicious code in shop-republik-ch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3fe1a756db5b61e6883fb43ab2f27fd56333e302ad597c4bb9f1743b1f19b6 The package shop-republik-ch was found to contain malicious code. Source: ghsa-malware b68c5977e45306e58eda4d2345cb1ac0eba178c179064471f3327a30915e6d...
Malicious Package
Overview shop-republik-ch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-2248 Malicious code in shop-republik-ch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3fe1a756db5b61e6883fb43ab2f27fd56333e302ad597c4bb9f1743b1f19b6 The package shop-republik-ch was found to contain malicious code. Source: ghsa-malware b68c5977e45306e58eda4d2345cb1ac0eba178c179064471f3327a30915e6d...
CVE-2025-1386
When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...
CVE-2025-65559
An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request type=50, the UPF crashes with a reachable assertion in lib/pfcp/context.c ogspfcpobjectteidhashset if the CreatePDR?PDI?F-TEID has CH=1 and the F-TEID address-family flags IPv4/IPv6 do not...
Malicious code in guras-visa-ch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fd77492c09f059a2c07e504bb3040c371b402b0d9999096613642f7d7a9f7a4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-155471 Malicious code in guras-visa-ch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fd77492c09f059a2c07e504bb3040c371b402b0d9999096613642f7d7a9f7a4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-34600
In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in i40evalidatequeuemap Ensure idx is within range of active/initialized TCs when iterating over vf-chidx in i40evalidatequeuemap...
EUVD-2008-5254
Malware in sbrugna...
EUVD-2025-10732
Malicious code in bioql PyPI...