@antv/f-charts (=0.0.0), @antv/f-lottie (>=0.0.1 <=1.10.0) +14 more potentially affected by unknown CVE via @antv/f-engine (>=1.0.10 <=1.10.0)

@antv/f-engine NPM version =1.0.10, =0.0.1, =0.0.1, =1.0.1, =0.0.1, =1.0.1, =5.0.27, =5.0.0-alpha.1, =5.0.0-alpha.1, =5.0.1, =0.0.1, =0.0.1-alpha.1, =1.0.3 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3882...

EUVD-2014-0213

Malware in sbrugna...

EUVD-2024-26139

Malicious code in bioql PyPI...

EUVD-2023-2383

Malicious code in bioql PyPI...

Docker Engine 28.2 < 28.3.3 Local Docker Ports Exposed to Network

The version of the Docker Engine Moby installed on the remote host is between 28.2.0 to 28.3.2 It is therefore affected by an vulnerability that exposes local ports to the network. When the firewalld service is reloaded it removes all iptables rules including those created by Docker. While Docker...

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to improper handling of namespace selectors in the GetNamespaceSelectorsFromNamespaceLister function in labels.go. An attacker can bypass policy rules using malicious requests...

CVE-2025-30204 affecting package moby-engine for versions less than 25.0.3-12

CVE-2025-30204 affecting package moby-engine for versions less than 25.0.3-12. A patched version of the package is available...

CVE-2024-54502

The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash...

Security Bulletin: Two vulnerabilities in WAS Liberty affect IBM Transformation Extender Advanced and IBM Standards Processing Engine (CVE-2016-0378 and CVE-2016-5986)

Summary Two vulnerabilities have been found in WAS Liberty, which is shipped in IBM Transforation Extender Advanced and IBM Standards Processing Engine. IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by improper handling of exceptions...

OESA-2021-1157 velocity security update

Velocity is a Java-based template engine. It permits anyone to use the simple yet powerful template language to reference objects defined in Java code. Security Fixes: An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the...

PT-2020-6568

Name of the Vulnerable Software and Affected Versions Ansible Engine versions 2.7.x through 2.7.16 Ansible Engine versions 2.8.x through 2.8.10 Ansible Engine versions 2.9.x through 2.9.6 Ansible Tower versions 3.4.5 and earlier Ansible Tower versions 3.5.5 and earlier Ansible Tower version 3.6.3...

Rocket.Chat: Account takeover via XSS

Summary: By combining AutoLinker and Markdown an attacker is able to inject malicious scripts. Description: By combining AutoLinker and Markdown we can trick the parser into breaking out of the current HTML attribute. https://a?p= results in: html ." target="blank" rel="noopener noreferrer" "...

Symantec Anti-virus Engine Denial of Service Vulnerability

Symantec Anti-virus Engine AVE is a network service from Symantec, Inc. that provides virus scanning and virus remediation for application data traveling over a network. A security vulnerability exists in Symantec AVE version 20151.1.0.32. The vulnerability can be exploited by an attacker to caus...

Google Chrome V8 Denial of Service Vulnerability (CNVD-2016-00780)

Google Chrome is the United States Google Google company developed a Web browser. Google V8 is one of the open source JavaScript engine. A security vulnerability exists in Google Chrome prior to version 48.0.2564.82 and in Google V8 prior to version 4.8.271.17, which it uses. An attacker can...

CA kmxfw.sys Code Execution and DoS Vulnerabilities

CA Products are prone to local code execution and denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CA kmxfw.sys Code Execution and DoS Vulnerabilities

This host is running CA Products, which is prone to Local Code Execution and Denial of Service Vulnerabilities. OpenVAS Vulnerability Test $Id: secpodcaprdtsmultvuln900202.nasl 5370 2017-02-20 15:24:26Z cfi $ Description: CA kmxfw.sys Code Execution and DoS Vulnerabilities. Authors: Veerendra GG...