Malicious code in create-kachow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b65b2deeeafefb22b81e6a863b51115953b108991e5462d939dce3d6b8ee4a97 bin/create-kachow.js declares a BUILTINKEYS object containing live API keys for four third-party AI providers Gemini key starting...

MAL-2026-4539 Malicious code in create-kachow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b65b2deeeafefb22b81e6a863b51115953b108991e5462d939dce3d6b8ee4a97 bin/create-kachow.js declares a BUILTINKEYS object containing live API keys for four third-party AI providers Gemini key starting...

CVE-2026-33137

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions starting with 15.10.6 and prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/wikiName API executes a XAR import without...

CVE-2026-9136

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the updateAssistant and createAssistant handlers in the assistant service. An attacker can reassign an assistant to a...

kernel: net: af_can: do not leave a dangling sk pointer in can_create()

In the Linux kernel, the following vulnerability has been resolved: net: afcan: do not leave a dangling sk pointer in cancreate On error cancreate frees the allocated sk object, but sockinitdata has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfs: fixed the acl memory leak in posixaclcreate When reviewing another nfs xfstests report, I found that errors related to acl and defaultACL in nfs3proccreate and nfs3procmknod might be leaked. These issues need to be...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fixed a possible Use-after-Allocation UAF in snictgtcreate A warning is reported as follows: drivers/scsi/snic/snicdisc.c:307 snictgtcreate warning: &‘tgt-list’ was not removed from the list If the deviceadd function...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed the xid leak in cifscreate If the cifs function has already been shut down, we should release the xid before returning it; otherwise, the xid will be leaked...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: Prevent a NULL dereference in rtnlcreatelink. When rtnlcreatelink is running, dev-netdevops is NULL. We must not use netdevlockops, as it may lead to a NULL dereference if CONFIGNETSHAPER is defined. Instead, use...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: MIPS: SGI-IP27: Fixed a platform-device leak in bridgeplatformcreate. In the error case when calling bridgeplatformcreate after calling platformdeviceadd/platformdeviceadddata/platformdeviceaddresources, release the failed ‘pdev’...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Under NFSv4.1, fix the issue where double svcxprtput operations on rpccreate cause failures. In error situations, clp-clcbconn.cbxprt should not be referenced as an xprt. Otherwise, both client cleanup and error handling...

Astra Linux - уязвимость в postgresql-11

A vulnerability was discovered in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb/server: The function ksmbdsessionrpcclose is called on the error path in the createsmb2pipe function. When the ksmbdiovpinrsp function fails, we should call ksmbdsessionrpcclose...

Astra Linux - уязвимость в linux-5.15

A out-of-bounds memory read flaw was discovered in the parseleasestate function within the KSMBD implementation of the in-kernel Samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command along with a malformed payload to KSMBD, due to a lack of checks on the NameOffset...

Astra Linux - уязвимость в opensc

The contextcreate function in ctx.c, within libopensc in OpenSC 0.19.0, has a memory leak, as evidenced by a call from eidenv...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: possible double-free of cctx-remoteheap The function fastrpcinitcreatestaticprocess may free the memory allocated to cctx-remoteheap during the errmap path, but does not clear the pointer pointing to that memory...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR Normally, zero filling would hide the missing initialization. However, setting descsize in regcreate incorrectly causes a crash: BUG: Unable to handle a page fault f...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: Tracing: Fixed a potential double-free issue in createvarref. In createvarref, initvarref is called to initialize the fields of the reffield variable. This variable is allocated in the previous function call, to createhistfield...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: net/9p: A potential socket leak has been fixed in p9socketopen. Both p9fdcreatetcp and p9fdcreateunix will call p9socketopen. If the creation of p9transfd fails, both p9fdcreatetcp and p9fdcreateunix will return an error...