Malicious code in dial-app-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9efdd5b481d49a0d9ac535aedde75dbf5638bd85e7efe9c536d2938c57142799 The package dial-app-version was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in sn3akysnak3-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21fa246103030890351ed5948825f415a78600c6aacb5187dbd840518f744d92 The package sn3akysnak3-test was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2286 Malicious code in sn3akysnak3-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21fa246103030890351ed5948825f415a78600c6aacb5187dbd840518f744d92 The package sn3akysnak3-test was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @adac-fahrzeugplattform/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 779ce69d66db89d0bc1c8b82a373e6fed7e1b6a84d2cdf56bcab4b3076226f5f The package @adac-fahrzeugplattform/ui was found to contain malicious code. Source: ghsa-malware...

Ghidra Software Reverse Engineering Framework 安全漏洞

Ghidra Software Reverse Engineering Framework is an open-source software reverse engineering framework developed by the National Security Agency. Versions of the Ghidra Software Reverse Engineering Framework prior to 12.0.3 contained security vulnerabilities. These vulnerabilities stemmed from...

PT-2026-28454

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11 Description OpenClaw contains an exec allowlist bypass issue where the matchesExecAllowlistPattern function improperly normalizes patterns. This improper normalization, involving lowercasing and glob...

PT-2026-28677

Name of the Vulnerable Software and Affected Versions Ghidra versions prior to 12.0.3 Description The software improperly processes annotation directives embedded in automatically extracted binary data, leading to arbitrary command execution when a user interacts with the user interface. The...

CVE-2026-4622

OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network...

EUVD-2017-18949

Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointer and execute...

CVE-2017-20228

Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointer and execute...

CVE-2017-20228 Flat Assembler 1.71.21 Stack-Based Buffer Overflow ROP

Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointer and execute...

Malicious code in autoshipment-public-front (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e88d7d57a4db4ac2a1f359905f9bff3aba5176c373833890d1f58befc32b4d8 The package autoshipment-public-front was found to contain malicious code. Source: ghsa-malware...

CVE-2026-27650

OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products...

CVE-2026-30304

In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

CVE-2026-33744

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...

SUSE CVE-2026-24516

A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...

[SECURITY] Fedora 44 Update: rust-reqsign-command-execute-tokio-3.0.0-1.fc44

Tokio-based command execution implementation for reqsign...

PT-2026-28234

Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointer and execute...

EUVD-2026-16771

Flannel has cross-node remote code execution via extension backend BackendData injection...

GHSA-VCHX-5PR6-FFX2 Flannel has cross-node remote code execution via extension backend BackendData injection

Background The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. This backend uses shell commands stored in Kubernetes annotations to configure network connectivity on the node. Note: consumers are only affected by this vulnerabili...