2460210 matches found
SUSE CVE-2026-53260
In the Linux kernel, the following vulnerability has been resolved: tcp: Add preemptdisable,enablenested in reqskqueuehashreq. syzbot reported a weird reqsk-rskrefcnt underflow in inetcskreqskqueuedrop. The captured reqskput in inetcskreqskqueuedrop is called only when it successfully removes req...
SUSE CVE-2026-53264
In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: use RCU with deferred freeing for action lifecycle When NEWTFILTER and DELFILTER are run concurrently it is possible to create a race with an associated action. Let's illustrate with CPU0 running NEWTFILTER and...
SUSE CVE-2026-53270
In the Linux kernel, the following vulnerability has been resolved: ipvs: clear the svc scheduler ptr early on edit ipvseditservice while unbinding the old scheduler clears the svc-scheduler ptr after the scheduler module initiates RCU callbacks. This can cause packets to use the old scheduler at...
SUSE CVE-2026-57435
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri's CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node,...
SUSE CVE-2026-57437
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...
EUVD-2026-39616
Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdowntopdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted...
CVE-2026-8661 Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin
Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdowntopdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted...
CVE-2026-8661
CVE-2026-8661 affects the Rapid7 InsightConnect Markdown Plugin (Linux) up to version 3.1.4. The vulnerability is in the markdown_to_pdf action and combines Server-Side Scripting (XSS) with Server-Side Request Forgery (SSRF). It allows remote attackers to execute JavaScript server-side and to tri...
CVE-2026-8661
Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdowntopdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted...
CVE-2026-8661 Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin
Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdowntopdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted...
Malicious code in @dervix/ws (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79b9ab7431b1a6a1250c089e2ea33f54ad92313f587fbd2aabc020c12be55f69 Package @dervix/ws impersonates the popular ws WebSocket library — package.json copies the legitimate ws project's homepage...
MAL-2026-6496 Malicious code in @dervix/ws (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79b9ab7431b1a6a1250c089e2ea33f54ad92313f587fbd2aabc020c12be55f69 Package @dervix/ws impersonates the popular ws WebSocket library — package.json copies the legitimate ws project's homepage...
Malicious code in wellnpm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cce5614817c010bad6d6bd86146713b627ad235b87d9ccd341bd3d996a80119 [email protected] ships a 24MB ELF binary named launch which is the XMRig Monero miner RandomX, cn/upx2, ghostrider algorithm strings, libuv/OpenSSL...
Malicious Package
Overview wellnpm is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
MAL-2026-6501 Malicious code in wellnpm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cce5614817c010bad6d6bd86146713b627ad235b87d9ccd341bd3d996a80119 [email protected] ships a 24MB ELF binary named launch which is the XMRig Monero miner RandomX, cn/upx2, ghostrider algorithm strings, libuv/OpenSSL...
Malicious code in animatecss-postcss-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6be12cec08d0999c157774b746c3e431825ae61635bb8ddddf36061d4602cec7 [email protected] ships a tiny PostCSS plugin factory whose body contains an obfuscator.io-style string-array + RC4 decoder functions...
MAL-2026-6495 Malicious code in animatecss-postcss-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6be12cec08d0999c157774b746c3e431825ae61635bb8ddddf36061d4602cec7 [email protected] ships a tiny PostCSS plugin factory whose body contains an obfuscator.io-style string-array + RC4 decoder functions...
CVE-2026-53160
A flaw was found in the Linux kernel's fastrpc component. A race condition in the fastrpcmapcreate function allows for a use-after-free vulnerability. This could enable an attacker to cause system instability, disclose sensitive information, or potentially execute unauthorized code...
CVE-2026-13226 Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
EUVD-2026-39615
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...