1083871 matches found
CVE-2025-68713
An issue was discovered in Rakuten Send Anywhere File Transfer for Android com.estmob.android.sendanywhere 23.2.9. The vulnerability allows untrusted applications with no permissions to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's...
GHSA-PR59-H9PH-3FR8 protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names
Summary A previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static output from crafted JSON descriptor input. The common case of parsing schemas fro...
protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names
Summary A previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static output from crafted JSON descriptor input. The common case of parsing schemas fro...
MINI-3QX6-F9V4-CM5F
Bulletin has no description...
Malicious code in @intentsolution/database-security-scanner (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b1f4da3cb40cc2e1396230869d85bcc5a3c9267c0dc3c60dc297c08d1882230 The package's main file index.js is heavily obfuscated using obfuscator.io-style string-array rotation, base64 fragments, and per-byte XOR decoders...
MAL-2026-5825 Malicious code in @intentsolution/database-security-scanner (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b1f4da3cb40cc2e1396230869d85bcc5a3c9267c0dc3c60dc297c08d1882230 The package's main file index.js is heavily obfuscated using obfuscator.io-style string-array rotation, base64 fragments, and per-byte XOR decoders...
MINI-8XXP-VPQ5-H96M
Bulletin has no description...
GHSA-G8MR-85JM-7XHM Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE
Summary Vitest Browser Mode exposes a cdp API that forwards raw Chrome DevTools Protocol CDP methods over the Vitest browser WebSocket RPC. CDP is not gated by browser.api.allowWrite, browser.api.allowExec, api.allowWrite, or api.allowExec. As a result, disabling Browser Mode write and exec...
Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE
Summary Vitest Browser Mode exposes a cdp API that forwards raw Chrome DevTools Protocol CDP methods over the Vitest browser WebSocket RPC. CDP is not gated by browser.api.allowWrite, browser.api.allowExec, api.allowWrite, or api.allowExec. As a result, disabling Browser Mode write and exec...
MINI-J2WQ-4HCV-QVW7
Bulletin has no description...
MINI-79P4-PVV9-Q8CF
Bulletin has no description...
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels
Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview aka Famous Chollima, HexagonalRodent, and Void Dokkaebi. According to a report published by Proofpoint, the threat actor has...
MINI-FR7H-W434-8J7H
Bulletin has no description...
CVE-2026-52720 Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectangle in librfb
A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...
MINI-FXJX-F465-P27V
Bulletin has no description...
CVE-2026-53705 Gstreamer1-plugins-good: gstreamer: heap buffer overflow in wavpack decoder via integer overflow
A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...
CVE-2026-53705
GStreamer1-plugins-good’s WavPack decoder (gst_wavpack_dec_handle_frame) has an integer overflow in the 4 * block_samples * channels calculation, causing a very small heap allocation. The WavPack library then writes decoded samples beyond the allocated buffer, leading to heap memory corruption on...
CVE-2026-53705
A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...
MINI-PP97-8GHP-MQP2
Bulletin has no description...
MINI-2RWC-7Q79-QPH8
Bulletin has no description...