33 matches found
MAL-2026-5568 Malicious code in forge-jsx2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ce40276c3c58337b7db3272f89e0716b017b4d63bfa625b8757b9d1969ec9f9 The package masquerades as an 'Autodesk Forge' integration but ships no Forge API code. On npm install, scripts/postinstall-agent.mjs materializes a...
CVE-2026-11126
CVE-2026-11126 : Concrete details show an issue in Chromium-based Chrome DevTools. An attacker could leak cross-origin data by convincing a user to install a malicious Chrome extension. Affected software/version: Google Chrome/Chromium prior to 149.0.7827.53. The Debian advisory fixes this in chr...
CVE-2026-8874
Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...
Malicious code in chalk-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0fe2974289b691a9f5541068f2e399aecb14a719779202ff5999652ffe351db On npm install, postinstall.js runs a credential and cryptocurrency stealer against the installer's machine. It reads /.npmrc extracting authToken an...
CLSA-2026-1773931583 libssh: Fix of CVE-2026-3731
CVE-2026-3731: fix off-by-one in sftpextensionsgetname/sftpextensionsgetdata...
USN-8093-1 libssh vulnerability
It was discovered that libssh incorrectly performed bounds checking when processing SFTP extensions. If a client application queried extension data out of bounds, it could cause the application to crash, resulting in a denial of service, or exhibit unintended behavior...
SUSE CVE-2026-3731
A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002510)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002510 advisory. include/net/netfilter/nfconntrackextend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension...
GHSA-CW39-R4H6-8J3X MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation
Summary Affected Components: org.msgpack.core.MessageUnpacker.readPayload org.msgpack.core.MessageUnpacker.unpackValue org.msgpack.value.ExtensionValue.getData A denial-of-service vulnerability exists in MessagePack for Java when deserializing .msgpack files containing EXT32 objects with...
EUVD-2015-8630
Malware in sbrugna...
CVE-2025-31487 The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server
The XWiki JIRA extension provides various integration points between XWiki and JIRA macros, UI, CKEditor plugin. If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...
Denial Of Service (DoS)
System.Text.Json is vulnerable to Denial Of Service DoS. The vulnerability is due to deserializing input to a model with an ExtensionData property, which allows an attacker to consume excessive resources...
dotnet: Denial of Service in System.Text.Json
A flaw was found in dotnet. In System.Text.Json, applications that deserialize input to a model with an ExtensionData property can be vulnerable to an algorithmic complexity attack, resulting in a denial of service...
dotnet: Denial of Service in System.Text.Json
A flaw was found in dotnet. In System.Text.Json, applications that deserialize input to a model with an ExtensionData property can be vulnerable to an algorithmic complexity attack, resulting in a denial of service...
dotnet: Denial of Service in System.Text.Json
A flaw was found in dotnet. In System.Text.Json, applications that deserialize input to a model with an ExtensionData property can be vulnerable to an algorithmic complexity attack, resulting in a denial of service...
dotnet: Denial of Service in System.Text.Json
A flaw was found in dotnet. In System.Text.Json, applications that deserialize input to a model with an ExtensionData property can be vulnerable to an algorithmic complexity attack, resulting in a denial of service...
dotnet: Denial of Service in System.Text.Json
A flaw was found in dotnet. In System.Text.Json, applications that deserialize input to a model with an ExtensionData property can be vulnerable to an algorithmic complexity attack, resulting in a denial of service...
dotnet: Denial of Service in System.Text.Json
A flaw was found in dotnet. In System.Text.Json, applications that deserialize input to a model with an ExtensionData property can be vulnerable to an algorithmic complexity attack, resulting in a denial of service...
dotnet: Denial of Service in System.Text.Json
A flaw was found in dotnet. In System.Text.Json, applications that deserialize input to a model with an ExtensionData property can be vulnerable to an algorithmic complexity attack, resulting in a denial of service...
dotnet: Denial of Service in System.Text.Json
A flaw was found in dotnet. In System.Text.Json, applications that deserialize input to a model with an ExtensionData property can be vulnerable to an algorithmic complexity attack, resulting in a denial of service...