Malicious Package

Overview debug-fmt is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious code in debug-fmt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 049bf4db6a598df3cc4db93a71b765670e9b94be0c835ae183fd91c13fe99d8b The package debug-fmt was found to contain malicious code. Source: ghsa-malware 1f7e76c50ec40bd53847463f61469ebfb4691c221c290d98fed82736214216cc Any...

Malicious code in debug-glitz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f09a7eab8b255c9470cf181542b2ed5b9b214602d0c73dc089938cc1a2d546b2 The package debug-glitz was found to contain malicious code. Source: ghsa-malware 5c2a809411c1675d6b31e695ec844e233dbcc14e9c576f30d6e3491084b5b90c An...

MAL-2026-567 Malicious code in debug-glitz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f09a7eab8b255c9470cf181542b2ed5b9b214602d0c73dc089938cc1a2d546b2 The package debug-glitz was found to contain malicious code. Source: ghsa-malware 5c2a809411c1675d6b31e695ec844e233dbcc14e9c576f30d6e3491084b5b90c An...

MAL-2026-566 Malicious code in debug-fmt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 049bf4db6a598df3cc4db93a71b765670e9b94be0c835ae183fd91c13fe99d8b The package debug-fmt was found to contain malicious code. Source: ghsa-malware 1f7e76c50ec40bd53847463f61469ebfb4691c221c290d98fed82736214216cc Any...

CVE-2025-59104

With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint or use the 6-Pin tag-connect cable. Thus, the attacker gains access to the bootloader, where the kernel command line can be changed. An attacker is able to gain a root shell through...

CLSA-2026-1769506462 Fix CVE(s): CVE-2025-8225

SECURITY UPDATE: debuginformation memory leak in processdebuginfo - debian/patches/CVE-2025-8225.patch: prevent memory leak by checking allocnumdebuginfoentries instead of numdebuginfoentries to determine whether debuginformation has been allocated - CVE-2025-8225...

AZL-75464 CVE-2026-24809 affecting package memcached for versions less than 1.6.27-4

An issue from the component luaGrunerror in dependencies/lua/src/ldebug.c in praydog/REFramework version before 1.5.5 leads to a heap-buffer overflow when a recursive error occurs...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005014)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005014 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifsdebugdataprocshow Skip SMB sessions that are being...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005152)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005152 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: avoid use-after-free in ext4extshowleaf In ext4findextent, path may be freed by error or be...

sonarcloud-poc

SonarCloud PoC - SAST Test Projeto de teste para validar dete...

CVE-2025-59104

With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint or use the 6-Pin tag-connect cable. Thus, the attacker gains access to the bootloader, where the kernel command line can be changed. An attacker is able to gain a root shell through...

CVE-2025-59104

The CVE-2025-59104 issue affects a dormakaba access manager where an attacker with physical access can solder to the debug footprint or connect a 6-Pin tag‑connect cable to access the bootloader. The vulnerable vector allows changing the kernel command line and ultimately obtaining a root shell. ...

CVE-2025-59104

With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint or use the 6-Pin tag-connect cable. Thus, the attacker gains access to the bootloader, where the kernel command line can be changed. An attacker is able to gain a root shell through...

EUVD-2025-206371

With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint or use the 6-Pin tag-connect cable. Thus, the attacker gains access to the bootloader, where the kernel command line can be changed. An attacker is able to gain a root shell through...

CVE-2025-59098

CVE-2025-59098 describes a trace/debug facility in the dormakaba Access Manager. The trace is exposed via a plain TCP socket with no authentication or encryption, and TraceClient.exe can connect through the web interface to receive debug output. The verbosity is configurable via HTTP(S) with the ...

EUVD-2025-206362

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

CVE-2025-59098

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

PT-2026-4754

With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint or use the 6-Pin tag-connect cable. Thus, the attacker gains access to the bootloader, where the kernel command line can be changed. An attacker is able to gain a root shell through...

CVE-2026-23517

Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server...