
50 matches found

OSV
added 17 hours ago · 4 views

MAL-2026-5612 Malicious code in gpt-sdk (npm)

Source: amazon-inspector (8b9bdc5e04979d5b4f73407bcedaecc9df24dbb03e0bfbc0edefe333023dc50c). On npm install, postinstall.js runs unconditionally and collects a wide range of installer-side reconnaissance data: hostname and FQDN, contents of...

5.5 AI score
Exploits: 0 · References: 9
Cvelist
added 2026/05/29 9:50 a.m. · 33 views

CVE-2026-42965 Openshift/router: openshift/router: cloud metadata ssrf via fqdn-typed endpointslice bypasses destination validation

A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud...

7.7 CVSS · 0.00027 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2026/05/29 9:50 a.m. · 13 views

CVE-2026-42965 Openshift/router: openshift/router: cloud metadata ssrf via fqdn-typed endpointslice bypasses destination validation

A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud...

7.7 CVSS · 5.7 AI score · 0.00027 EPSS
Exploits: 0 · References: 2
AstraLinux
added 2026/05/20 5:53 a.m. · 9 views

Astra Linux - vulnerability in jetty9

In Eclipse Jetty versions 7.x, 8.x, 9.2.27 and earlier, 9.3.26 and earlier, and 9.4.16 and earlier, the server running on any operating system and Jetty version combination will display a 404 error in the output, indicating that no Context matching the requested path was found. The default server...

5.3 CVSS · 6.6 AI score · 0.0336 EPSS
Exploits: 0 · References: 1
NVD
added 2026/05/01 8:16 a.m. · 2 views

CVE-2026-7584

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

8.4 CVSS · 0.00043 EPSS
Exploits: 0 · References: 1
RedHat Linux
added 2026/01/27 6:7 p.m. · 2 views

php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix

A vulnerability was found in PHP. If a SoapVar instance is created with a fully qualified name larger than 2G, this will cause a NULL pointer dereference resulting in a segmentation fault, leading to a denial of service...

5.9 CVSS · 5.7 AI score · 0.00772 EPSS
Exploits: 1 · References: 5
Tenable Nessus
added 2025/10/21 12:0 a.m. · 5 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.24 (SUSE-SU-2025:3682-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3682-1 advisory. go1.24.9 released 2025-10-13 includes fixes to the crypto/x509 package. bsc1236217 crypto/x509:...

7.5 CVSS · 7.2 AI score · 0.00044 EPSS
Exploits: 0 · References: 32
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2002-1940

Malware in sbrugna...

7.5 CVSS · 6.4 AI score · 0.00216 EPSS
Exploits: 1 · References: 5
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2005-3173

Malware in sbrugna...

4.6 CVSS · 6.4 AI score · 0.00212 EPSS
Exploits: 0 · References: 3
Veeam
added 2025/09/03 12:0 a.m. · 10 views

Connection to Veeam Software Appliance Fails With: "Authentication failed: invalid credentials"

Challenge: When attempting to use local account credentials to connect to a Veeam Software Appliance that is joined to a domain, the Console fails to connect with the error: "Authentication failed: invalid credentials". Cause: This error occurs due to an account collision caused by the...

6.8 AI score
Exploits: 0 · Affected Software: 1
Citrix
added 2025/04/09 12:0 a.m. · 12 views

NetScaler: Securing HA Management IPs and FQDN with SAN Certificates

Securing Management IP and FQDN for High Availability Citrix ADCs with SAN Certificates. Ensuring the secure management of your Citrix Application Delivery Controllers (ADCs) in a High Availability (HA) setup is crucial for maintaining the integrity and confidentiality of your infrastructure. This...

7.1 AI score
Exploits: 0
RedHat Linux
added 2025/01/14 10:48 a.m. · 3 views

libreswan: Invalid IKEv1 Quick Mode ID causes restart

A NULL pointer dereference flaw was found in Libreswan when processing IKEv1 Quick Mode requests. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, it triggers a NULL pointer dereference error. This flaw allows a malicious client or...

6.5 CVSS · 5.7 AI score · 0.00107 EPSS
Exploits: 0 · References: 6
OSV
added 2023/08/25 9:15 p.m. · 2 views

AZL-28065 CVE-2023-38711 affecting package libreswan for versions less than 4.7-5

An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6...

6.5 CVSS · 6.6 AI score · 0.00107 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2023/08/08 12:0 a.m. · 2 views

PT-2023-5265 · Libreswan +5

Name of the Vulnerable Software and Affected Versions: Libreswan versions prior to 4.12. Description: An issue was discovered in Libreswan when an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, causing a NULL pointer dereference. Thi...

7.8 CVSS · 7 AI score · 0.00185 EPSS
Exploits: 0 · References: 49
Positive Technologies
added 2023/06/14 12:0 a.m. · 4 views

PT-2023-24777 · Grav

Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.7.42. Description: The issue concerns a flat-file content management system where the denylist, introduced to prevent the execution of dangerous functions via malicious template injection, was insufficient. This allowe...

8.8 CVSS · 7.7 AI score · 0.02104 EPSS
Exploits: 1 · References: 13
Code423n4
added 2023/04/28 12:0 a.m. · 7 views

Fully qualified domain names are incorrectly resolved

Lines of code. Vulnerability details. Impact: A relative domain name like foo.eth becomes fully qualified if it ends with a dot, e.g. foo.eth., although this might seem unfamiliar to some, it's the standard and part of the DNS specification, see Fully qualified domain name, Trailing Dots in Domain...

6.9 AI score
Exploits: 0
NVD
added 2023/04/17 11:15 a.m. · 23 views

CVE-2023-2017

Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...

8.8 CVSS · 9.6 AI score · 0.02271 EPSS
Exploits: 1 · References: 3
Citrix
added 2023/03/24 12:0 a.m. · 5 views

Role of Spoofed IP address in FQDN Based Tunneling

What is the role of Spoofed IP address in FQDN Based Tunneling...

7.1 AI score
Exploits: 0
SUSE CVE
added 2023/02/15 6:20 a.m. · 2 views

SUSE CVE-2004-0765

The certTestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates...

7.5 CVSS · 6.8 AI score · 0.00766 EPSS
Exploits: 0 · References: 9
SUSE CVE
added 2023/02/15 5:59 a.m. · 2 views

SUSE CVE-2010-1645

Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template...

6.5 CVSS · 7.6 AI score · 0.02794 EPSS
Exploits: 0 · References: 3