4239 matches found
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005730)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005730 advisory. In the Linux kernel, the following vulnerability has been resolved: ntbnetdev: Use devkfreeskbany in interrupt context TX/RX callback handlers ntbnetdevtxhandler,...
EUVD-2025-208283
SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a remote attacker to execute arbitrary code via the query parameter in the search API endpoint...
CVE-2025-66944
SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a remote attacker to execute arbitrary code via the query parameter in the search API endpoint...
CVE-2025-66944
SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a remote attacker to execute arbitrary code via the query parameter in the search API endpoint...
Security Bulletin: Source Code Exposure Vulnerability in webpack-dev-server (Fixed in Version 5.2.1) affects watsonx.data
Summary webpack-dev-server versions prior to 5.2.1 are vulnerable to source code exposure when users visit a malicious website. Due to classic script requests not being restricted by the same-origin policy, an attacker who knows the dev server port and entry script path can inject a script, acces...
SUSE CVE-2026-23633
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary file read/write via path traversal in Git hook editing. This issue has been patched in versions 0.13.4 and 0.14.0+dev...
CVE-2025-66944
SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a remote attacker to execute arbitrary code via the query parameter in the search API endpoint...
CVE-2025-66944
SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a remote attacker to execute arbitrary code via the query parameter in the search API endpoint...
PT-2026-22964
SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a remote attacker to execute arbitrary code via the query parameter in the search API endpoint...
Malicious Package
Overview xrpl-dev-portal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-1221 Malicious code in xrpl-dev-portal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e19d7ccfb5e9bebce90f062b458b8ac38691519308db3cb6bf846b54a387dad9 The package xrpl-dev-portal was found to contain malicious code. Source: ghsa-malware 4fda3daad7ee020ce9cee13e48a40a89de8040cc479f0c4ac9687198ccd576c...
Malicious code in xrpl-dev-portal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e19d7ccfb5e9bebce90f062b458b8ac38691519308db3cb6bf846b54a387dad9 The package xrpl-dev-portal was found to contain malicious code. Source: ghsa-malware 4fda3daad7ee020ce9cee13e48a40a89de8040cc479f0c4ac9687198ccd576c...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005747)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005747 advisory. In the Linux kernel, the following vulnerability has been resolved: fbdev/ep93xx-fb: Do not assign to struct fbinfo.dev Do not assing the Linux device to struct...
CVE-2026-0027
In smmudetachdev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0027
In smmudetachdev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0027
In smmudetachdev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-3255
HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...
ASB-A-456069704
In smmudetachdev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-28211
The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...
GHSA-MJF5-7G4M-GX5W Storybook Dev Server is Vulnerable to WebSocket Hijacking
Summary The WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability only affects the Storybook dev server; production builds are not impacted. Details Exploitation requires a developer to visit a malicious...