
13 matches found

OSSF Malicious Packages
added 2026/06/09 5:37 p.m., 10 views

Malicious code in @klapp-kyc/routes (npm)

Source: amazon-inspector ca32e3aa7685d93e36eca726e08096bd0c5ba425172ef254fdf769cc09b46887. On npm install, the package's preinstall hook executes node index.js, which collects the installer's hostname, OS username, current working directory...

5.5 AI score
Exploits: 0, References: 2
Cvelist
added 2026/05/20 9:19 a.m., 44 views

CVE-2026-42534 Jostle logic bypass degrades resolution performance

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as aged and potentia...

6.9 CVSS, 0.00351 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/04/07 12:00 a.m., 3 views

PT-2026-31029

Name of the Vulnerable Software and Affected Versions: Aardvark-dns versions 1.16.0 through 1.17.0. Description: A truncated TCP DNS query followed by a connection reset causes Aardvark-dns to enter an unrecoverable infinite error loop, resulting in 100% CPU usage. Recommendations: Update to version...

7.5 CVSS, 5.9 AI score, 0.00383 EPSS
Exploits: 0, References: 16
SUSE CVE
added 2026/03/26 9:18 a.m., 2 views

SUSE CVE-2026-3104

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through...

7.5 CVSS, 5.8 AI score, 0.00615 EPSS
Exploits: 0, References: 5
OSV
added 2026/03/25 2:16 p.m., 2 views

DEBIAN-CVE-2026-3104

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through...

7.5 CVSS, 8.6 AI score, 0.00615 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2026/01/16 12:00 a.m., 4 views

MiracleLinux 4 : libvirt-0.10.2-18.0.1.AXS4 (AXSA:2013-197:03)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-197:03 advisory. Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd...

5 CVSS, 7 AI score, 0.05028 EPSS
Exploits: 0, References: 2
CVE
added 2025/12/26 12:00 a.m., 17 views

CVE-2025-57403

Cola Dnslog v1.3.2 is affected by a Directory Traversal vulnerability in the DNS TXT query handling. The root cause is the application concatenating the requested URL (or a portion) with a base path via os.path.join, allowing directory traversal or absolute path injection and potentially exposing...

7.5 CVSS, 6.4 AI score, 0.00962 EPSS
Exploits: 1, References: 2, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-0270

Malware in sbrugna...

8.1 CVSS, 8.1 AI score, 0.00578 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2025/08/10 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-16855

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while...

7.5 CVSS, 7.3 AI score, 0.59469 EPSS
Exploits: 0, References: 2
SUSE CVE
added 2023/02/15 3:24 a.m., 3 views

SUSE CVE-2022-37428

PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties...

6.5 CVSS, 6.2 AI score, 0.0119 EPSS
Exploits: 0, References: 4
BDU FSTEC
added 2020/06/19 12:00 a.m., 5 views

The vulnerability of the dns_query.cgi component of D-Link DIR-825 and TRENDnet TEW-632BRP routers allows a hacker to execute arbitrary commands.

The vulnerability of the dns_query.cgi component of D-Link DIR-825 and TRENDnet TEW-632BRP routers exists due to the failure to neutralize the special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9 CVSS, 8.1 AI score, 0.05886 EPSS
Exploits: 1, References: 4, Affected Software: 2
OSV
added 2016/09/21 2:25 p.m., 0 views

UBUNTU-CVE-2016-5427

PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query...

7.5 CVSS, 7.1 AI score, 0.62982 EPSS
Exploits: 0, References: 3
OSV
added 2014/01/14 4:29 a.m., 1 views

DEBIAN-CVE-2014-0591

The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritativ...

2.6 CVSS, 6.8 AI score, 0.31671 EPSS
Exploits: 1, References: 1