479 matches found

OSSF Malicious Packages
added 6 days ago | 9 views

Malicious code in chai-extensions-extras (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d91953781373f4257c01ae16e16329a5e35acfc2c30eddae881f73f8ebceaea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8 AI score
Exploits: 0 | References: 1

OSV
added 6 days ago | 3 views

MAL-2026-5060 Malicious code in chai-extensions-extras (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d91953781373f4257c01ae16e16329a5e35acfc2c30eddae881f73f8ebceaea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8 AI score
Exploits: 0 | References: 1

Snyk
added 6 days ago | 5 views

Malicious Package

Overview: chai-extensions-extras is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8 CVSS | 5.8 AI score
Exploits: 0 | References: 2

Github Security Blog
added 2026/05/21 9:27 p.m. | 11 views

Twig: HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`

Description: Several filters in the twig/* extras packages are registered with `is_safe => ['all']`, which tells Twig's autoescaper to treat their output as safe in every context (html, js, css, url, ...). The output of these filters is plain text or HTML markup, neither of which is safe in every escaping...

5.8 AI score
Exploits: 0 | References: 5 | Affected Software: 2

Positive Technologies
added 2026/05/20 12:0 a.m. | 4 views

PT-2026-42176

Name of the Vulnerable Software and Affected Versions: twig/markdown-extra (affected versions not specified), twig/cssinliner-extra (affected versions not specified). Description: Several filters in the twig/* extras packages are incorrectly registered with `is_safe => ['all']`, which instructs the autoescaper...

5.3 CVSS | 5.8 AI score
Exploits: 0 | References: 7

RedHat Linux
added 2026/05/06 1:3 p.m. | 4 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.88 security and extras update

Red Hat OpenShift Container Platform release 4.12.88 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Low...

9.1 CVSS | 7.1 AI score | 0.0002 EPSS
Exploits: 1 | References: 2

Github Security Blog
added 2026/04/10 8:0 p.m. | 3 views

Rembg has a Path Traversal via Custom Model Loading

Summary: A path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious modelpath parameter, an attacker can force the server to attempt loading any file as an ONNX...

5.3 CVSS | 6 AI score | 0.00074 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2026/04/10 8:0 p.m. | 0 views

GHSA-3WQJ-33CG-XC48 Rembg has a Path Traversal via Custom Model Loading

Summary: A path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious modelpath parameter, an attacker can force the server to attempt loading any file as an ONNX...

5.3 CVSS | 6 AI score | 0.00074 EPSS
Exploits: 1 | References: 5

RedHat Linux
added 2026/02/23 4:14 p.m. | 2 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.82 CNF vRAN extras topology aware lifecycle manager update

An update for topology-aware-lifecycle manager is available for Red Hat OpenShift Container Platform 4.12. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the...

7.5 CVSS | 7.2 AI score | 0.00055 EPSS
Exploits: 1 | References: 2

Amazon
added 2026/02/19 12:0 a.m. | 3 views

Medium: oci-add-hooks

Issue Overview: net/http: memory exhaustion in Request.ParseForm (CVE-2025-61726); archive/zip: denial of service when parsing arbitrary ZIP archives (CVE-2025-61728); crypto/tls: handshake messages may be processed at the incorrect encryption level (CVE-2025-61730); crypto/tls: Config.Clone copies...

10 CVSS | 5.7 AI score | 0.00045 EPSS
Exploits: 2

Amazon
added 2026/02/19 12:0 a.m. | 3 views

Medium: oci-add-hooks

Issue Overview: net/http: memory exhaustion in Request.ParseForm (CVE-2025-61726); archive/zip: denial of service when parsing arbitrary ZIP archives (CVE-2025-61728); crypto/tls: handshake messages may be processed at the incorrect encryption level (CVE-2025-61730); crypto/tls: Config.Clone copies...

10 CVSS | 6 AI score | 0.00045 EPSS
Exploits: 2

Amazon
added 2026/02/19 12:0 a.m. | 3 views

Medium: soci-snapshotter

Issue Overview: net/http: memory exhaustion in Request.ParseForm (CVE-2025-61726); archive/zip: denial of service when parsing arbitrary ZIP archives (CVE-2025-61728); crypto/tls: handshake messages may be processed at the incorrect encryption level (CVE-2025-61730); crypto/tls: Config.Clone copies...

10 CVSS | 5.7 AI score | 0.00045 EPSS
Exploits: 2

Amazon
added 2026/02/19 12:0 a.m. | 4 views

Medium: oci-add-hooks

Issue Overview: net/http: memory exhaustion in Request.ParseForm (CVE-2025-61726); archive/zip: denial of service when parsing arbitrary ZIP archives (CVE-2025-61728); crypto/tls: handshake messages may be processed at the incorrect encryption level (CVE-2025-61730); crypto/tls: Config.Clone copies...

10 CVSS | 5.7 AI score | 0.00045 EPSS
Exploits: 2

Amazon
added 2026/02/05 12:0 a.m. | 4 views

Medium: runc

Issue Overview: net/http: memory exhaustion in Request.ParseForm (CVE-2025-61726); archive/zip: denial of service when parsing arbitrary ZIP archives (CVE-2025-61728); crypto/tls: handshake messages may be processed at the incorrect encryption level (CVE-2025-61730); crypto/tls: Config.Clone copies...

10 CVSS | 7.5 AI score | 0.00045 EPSS
Exploits: 2

Amazon
added 2026/01/22 12:0 a.m. | 7 views

Important: docker

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. (CVE-2025-47914) SSH servers parsing GSSAPI authentication requests do not validate the number...

7.5 CVSS | 7.3 AI score | 0.00055 EPSS
Exploits: 3

RedhatCVE
added 2026/01/09 11:54 a.m. | 4 views

CVE-2009-4741

Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors...

10 CVSS | 6.9 AI score | 0.00414 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:49 a.m. | 2 views

CVE-2020-24133

A heap buffer overflow vulnerability in the rasmswfdisass function of Radare2-extras before commit e74a93c allows attackers to execute arbitrary code or carry out denial of service DOS attacks...

9.8 CVSS | 8.1 AI score | 0.02346 EPSS
Exploits: 0 | References: 1

Amazon
added 2026/01/05 12:0 a.m. | 3 views

Medium: docker

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. (CVE-2025-47914) SSH servers parsing GSSAPI authentication requests do not validate the number...

7.5 CVSS | 7.2 AI score | 0.00046 EPSS
Exploits: 2

Snyk
added 2025/12/30 5:6 p.m. | 2 views

Malicious Package

Overview: dc-extras is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 2

OSV
added 2025/12/22 10:29 p.m. | 2 views

MAL-2025-192694 Malicious code in dc-extras (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebfb103084f405558fdf917f0a86459bab97acfba22382d7f24afdb54d9964bc The package dc-extras was found to contain malicious code. Source: ghsa-malware 39af403fc6b31b58318c30ecab3f3348a044fd0a6d7918d7f355921c639f85aa Any...

6.8 AI score
Exploits: 0 | References: 1