Lucene search
K

124 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago6 views

Malicious code in backup3-ff (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a32646e3ad3e35186f8344c19ccdecfd69c26e8047fc44b77c0516b644fd094 The npm package [email protected] ships multiple heavily obfuscated JavaScript bundles under assets/ AccountPage, DarkVeil, GamesPage, PlusBlockedNote...

6.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-40290

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...

7.8CVSS5.9AI score0.00187EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.25 views

PT-2026-46006

Name of the Vulnerable Software and Affected Versions OP-TEE versions 3.16.0 through 4.10.x Description A use-after-free race condition exists in the shared memory teardown logic of FF-A within SPMC/SP flows. This occurs when OP-TEE is configured as an SPMC for S-EL0 SPs using CFG SECURE...

7.8CVSS5.9AI score0.00187EPSS
Exploits1References4
Snyk
Snyk
added 2026/06/01 9:0 p.m.11 views

Malicious Package

Overview backup3-ff is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisi...

9.8CVSS5.8AI score
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/04/26 8:2 a.m.6 views

Input: uinput - fix circular locking dependency with ff-core

...

7.8CVSS5.8AI score0.00096EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/04/24 2:45 p.m.5 views

CVE-2026-31667

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - fix circular locking dependency with ff-core A lockdep circular locking dependency warning can be triggered reproducibly when using a force-feedback gamepad with uinput for example, playing ELDEN RING under Wine...

7.8CVSS5.5AI score0.00096EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007597)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007597 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is...

5.6AI score0.00211EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.1 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Input: uinput – Zero initializes uinputff UploadCompat to prevent information leakage. The struct ffeffectcompat is embedded twice within uinputff UploadCompat and contains internal padding. In particular, there is a gap after...

6.1AI score0.00211EPSS
Exploits0References2
OSV
OSV
added 2026/01/29 12:48 a.m.3 views

CGA-VXMP-RR98-57FF

Bulletin has no description...

7.3CVSS7.3AI score0.00444EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004283)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004283 advisory. In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka...

4.9CVSS6.4AI score0.00738EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004135)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004135 advisory. In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka...

4.9CVSS6.4AI score0.00738EPSS
Exploits0References18
OSV
OSV
added 2025/12/04 4:16 p.m.8 views

AZL-71422 CVE-2025-40266 affecting package kernel for versions less than 6.6.119.3-1

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Check the untrusted offset in FF-A memory share Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large enough value U32MAX - sizeofstruct ffacompositememregion + 1, U32MAX is...

6AI score0.00162EPSS
Exploits0References1
NVD
NVD
added 2025/12/04 4:16 p.m.6 views

CVE-2025-40266

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Check the untrusted offset in FF-A memory share Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large enough value U32MAX - sizeofstruct ffacompositememregion + 1, U32MAX is...

0.00162EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/04 4:8 p.m.24 views

CVE-2025-40266 KVM: arm64: Check the untrusted offset in FF-A memory share

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Check the untrusted offset in FF-A memory share Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large enough value U32MAX - sizeofstruct ffacompositememregion + 1, U32MAX is...

0.00162EPSS
Exploits0References4
OSV
OSV
added 2025/12/04 4:8 p.m.6 views

CVE-2025-40266 KVM: arm64: Check the untrusted offset in FF-A memory share

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Check the untrusted offset in FF-A memory share Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large enough value U32MAX - sizeofstruct ffacompositememregion + 1, U32MAX is...

6.6AI score0.00162EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.7 views

AlmaLinux 9 : gimp (ALSA-2025:21968)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:21968 advisory. gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability CVE-2025-10922 gimp: GIMP ICNS File Parsing Out-Of-Bounds Writ...

7.8CVSS7.6AI score0.02751EPSS
Exploits0References9
vulnersOsv
vulnersOsv
added 2025/11/24 4:24 p.m.8 views

ff-build (>=2.4.0 <=2.6.1) potentially affected by unknown CVE via gulp-inject-envs (=1.2.0)

gulp-inject-envs NPM version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on gulp-inject-envs and may be impacted: - ff-build =2.4.0, =2.6.1 Source cves: unknown CVE Source advisory: SNYK:JS-GULPINJECTENVS-14103633...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 10:25 p.m.5 views

Malicious code in soniec-kat-ff (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cd919172ff697f96b104ebacd4b023e561ff9ffdf628dff5178e47021b16e02 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/12 7:18 p.m.1 views

EUVD-2025-139454

Malicious code in nuilva-darde-ff npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:47 p.m.4 views

Malicious code in messi-aa-ff (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f75231ed32b957af26a1d5ddd99dbfdfdd0b821cb9321db6960faa8f26ec7ed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Rows per page
Query Builder