32 matches found
CVE-2026-11126
Summary of CVE-2026-11126 (Chrome DevTools): An inappropriate DevTools implementation in Google Chrome prior to version 149.0.7827.53 enables a user-assisted attacker who persuades a victim to install a crafted/malicious Chrome Extension to leak cross-origin data. The root cause is a DevTools-r...
CVE-2026-8874
Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...
Malicious code in chalk-utils (npm)
Source: amazon-inspector d0fe2974289b691a9f5541068f2e399aecb14a719779202ff5999652ffe351db On npm install, postinstall.js runs a credential and cryptocurrency stealer against the installer's machine. It reads /.npmrc extracting authToken an...
CLSA-2026-1773931583 libssh: Fix of CVE-2026-3731
CVE-2026-3731: fix off-by-one in sftp_extensions_get_name/sftp_extensions_get_data...
USN-8093-1 libssh vulnerability
It was discovered that libssh incorrectly performed bounds checking when processing SFTP extensions. If a client application queried extension data out of bounds, it could cause the application to crash, resulting in a denial of service, or exhibit unintended behavior...
SUSE CVE-2026-3731
A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002510)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002510 advisory. include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension...
GHSA-CW39-R4H6-8J3X MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation
Summary. Affected components: org.msgpack.core.MessageUnpacker.readPayload, org.msgpack.core.MessageUnpacker.unpackValue, org.msgpack.value.ExtensionValue.getData. A denial-of-service vulnerability exists in MessagePack for Java when deserializing .msgpack files containing EXT32 objects with...
EUVD-2015-8630
Malware in sbrugna...
CVE-2025-31487 The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server
The XWiki JIRA extension provides various integration points between XWiki and JIRA (macros, UI, CKEditor plugin). If the JIRA macro is installed, any logged-in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...
Denial Of Service (DoS)
System.Text.Json is vulnerable to Denial of Service (DoS). The vulnerability is due to deserializing input to a model with an ExtensionData property, which allows an attacker to consume excessive resources...
dotnet: Denial of Service in System.Text.Json
A flaw was found in dotnet. In System.Text.Json, applications that deserialize input to a model with an ExtensionData property can be vulnerable to an algorithmic complexity attack, resulting in a denial of service...
SUSE CVE-2014-9715
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that...