Malicious code in prisma-client-python (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ba0c0f6a1d1bdb5bffb45ca56fb99b8084fba921cc7689b6e8913c0436fe392 The package's CLI flow ppy generate reads dist/index.enc, a 346 KB AES-encrypted blob, decrypts it using a key extracted from dist/key.enc substring...

CVE-2026-43020

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate LTK encsize on load Load Long Term Keys stores the user-provided encsize and later uses it to size fixed-size stack operations when replying to LE LTK requests. An encsize larger than the 16-byte key...

CVE-2026-43020 Bluetooth: MGMT: validate LTK enc_size on load

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate LTK encsize on load Load Long Term Keys stores the user-provided encsize and later uses it to size fixed-size stack operations when replying to LE LTK requests. An encsize larger than the 16-byte key...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to validate encsize when loading LTK in the Bluetooth MGMT protocol, which could result in a stack...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013143)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013143 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/sev: Make encdechypercall accept a size instead of npages encdechypercall accepted a page cou...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

PT-2026-28261

Name of the Vulnerable Software and Affected Versions River Past CamDo version 3.7.6 Description The software contains a structured exception handler SEH buffer overflow. Local attackers can execute arbitrary code by providing a malicious string in the Lame enc.dll name field. Attackers can creat...

CVE-2021-4461

Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...

CVE-2021-4461

Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...

CVE-2021-4461 Seeyon Zhiyuan OA Web Application System < 7.0 SP1 Authentication Bypass

Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...

CVE-2021-4461

CVE-2021-4461 affects Seeyon Zhiyuan OA Web Application System

PT-2025-44459

Name of the Vulnerable Software and Affected Versions Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 Description The software does not properly decode and parse the enc parameter in the thirdpartyController.do endpoint. The decoded map values can influence session...

VulnCheck KEV: CVE-2021-4461

Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...

EUVD-2025-10056

Malicious code in bioql PyPI...

PT-2025-38330

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock can occur when an overloaded system runs -parallel in the context of the current task. This issue arises from bottom halves BHs not being disabled in do serial, leading to a...

CLSA-2025-1757947715 php: Fix of 3 CVEs

CVE-2017-9224: fix out-of-bounds read of a stack in matchat function - CVE-2017-9226: fix out-of-bounds write or read of a heap in nextstateval function - CVE-2017-9227: fix out-of-bounds read of a stack in mbcenclen function...

CLSA-2025-1757944976 php: Fix of 3 CVEs

CVE-2017-9224: fix out-of-bounds read of a stack in matchat function - CVE-2017-9226: fix out-of-bounds write or read of a heap in nextstateval function - CVE-2017-9227: fix out-of-bounds read of a stack in mbcenclen function...

CLSA-2025-1757944902 php: Fix of 3 CVEs

CVE-2017-9224: fix out-of-bounds read of a stack in matchat function - CVE-2017-9226: fix out-of-bounds write or read of a heap in nextstateval function - CVE-2017-9227: fix out-of-bounds read of a stack in mbcenclen function...