103 matches found
CVE-2026-35351
The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...
Not Failing Securely ('Failing Open')
Overview openviking is an An Agent-native context database Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' via the VikingBot OpenAPI HTTP route when the apikey configuration value is unset or empty. An attacker can invoke privileged bot-control functionalit...
Failing Open
Overview Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...
Failing Open
Overview Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...
Failing Open
Overview Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...
Failing Open
Overview Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...
Not Failing Securely ('Failing Open')
Overview rack-session is a session implementation for Rack. Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' in the Rack::Session::Cookie function when it is configured with the secrets: option. An attacker can gain unauthorized access or escalate privileges...
Not Failing Securely ('Failing Open')
Overview fast-jwt is a Fast JSON Web Token implementation Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' due to improper validation of the crit header parameter. An attacker can bypass intended authorization policies by crafting a signed token with unknown...
CVE-2026-23555
Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...
Not Failing Securely ('Failing Open')
Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' via the verifyhash function in authlib/oidc/core/claims.py. An attacker can substitute an access token or authorization code undetect...
Not Failing Securely ('Failing Open')
Overview Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' via the settlsextservernamecallback function. An attacker can bypass security-sensitive checks by causing an unhandled exception in the callback, which results in the connection being accepted. If a...
Not Failing Securely ('Failing Open')
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' in the credential resolution process. An attacker can access unintended remote credentials by configuring local authentication SecretRefs that are...
CVE-2026-22865 Gradle's failure to disable repositories failing to answer can expose builds to malicious artifacts
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...
PT-2025-49309
Name of the Vulnerable Software and Affected Versions BACnet Protocol Stack versions prior to 1.5.0.rc2 Description The BACnet Protocol Stack library contains flaws in the npdu is expected reply function within src/bacnet/npdu.c. This function does not properly validate the existence of Applicati...
EUVD-2012-3764
Malware in sbrugna...
Exploit for Double Free in Microsoft
CVE-2025-49667 — Win32k Privilege Escalation Exploit !Explo...
failing-line (=0.0.1), mp3s (=0.0.0) +3 more potentially affected by unknown CVE via findall (=0.0.4)
findall NPM version =0.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on findall and may be impacted: - failing-line =0.0.1 - mp3s =0.0.0 - ourtunes =0.0.0, =0.0.2, =0.0.3, =2.1.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-20572...
MAL-2025-20163 Malicious code in failing-line (npm)
The package failing-line was found to contain malicious code...
Malicious code in failing-line (npm)
The package failing-line was found to contain malicious code...
Malicious code in failing-code (npm)
The package failing-code was found to contain malicious code...