30 matches found
Notepad++ 8.9.6.2 < 8.9.6.4 TOCTOU Race Condition (CVE-2026-52885)
The version of Notepad++ installed on the remote host is 8.9.6.2 or 8.9.6.3. It is, therefore, affected by a TOCTOU race condition vulnerability: - A time-of-check time-of-use TOCTOU race condition exists in the HMAC verification of shortcuts.xml. The HMAC check validates the on-disk file at...
MAL-2026-6584 Malicious code in poly-kelly (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d3df5266b6e9d9347844e4e054ab744aad9517c6f55df4e68e6c6815e843da7 On npm install, the package's postinstall script reads the homepage field from package.json set to...
CVE-2026-52885
Notepad++ Notepad++ v8.9.6.4 fixes a TOCTOU vulnerability (CVE-2026-52885) where the on-disk HMAC of shortcuts.xml is checked at trigger time while the command payload is loaded into memory at startup and never synchronized. An attacker with write access to shortcuts.xml can plant a malicious fil...
CVE-2026-47380
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. This vulnerability is fixed in 2026.04.1...
MAL-2026-5799 Malicious code in boardflow (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9d5c1524281430272215f48a90b957cf08f76dcb9954cb73945421dff358eb2 package.json declares preinstall: node install.js, which fires automatically on npm install. install.js is heavily obfuscated obfuscator.io...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the iowqremovepending function in iowq. This function does not check whether the predecessor has...
MAL-2026-4533 Malicious code in codebuff-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdf777f03e4dc44a9956401136a42f099638025ef7d2197dec630525ad26727d The package name codebuff-cli impersonates the legitimate codebuff npm package; the README is copy-pasted from the official CodebuffAI project it eve...
EUVD-2026-24031
OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction DoS...
CVE-2026-39396
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...
CVE-2026-39396
OpenBao is vulnerable to a DoS via a decompression bomb in its OCI plugin extraction. Before version 2.5.3, ExtractPluginFromImage() streams decompressed tar data with no upper bound, using io.Copy without size checks. If an attacker controls the OCI registry, they can serve a crafted image that ...
PT-2026-33882
Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.5.3 Description The OCI plugin downloader contains an issue in the ExtractPluginFromImage function where plugin binaries are extracted from container images by streaming decompressed tar data via io.Copy without a...
Pickle deserialization RCE via pd.read_pickle() bypasses CVE-2024-24590 fix
Summary The fix for CVE-2024-24590 only hardened the type == "pickle" deserialization branch in Artifact.get. A parallel code path for type == "pandas" with contenttype == "application/pickle" calls pd.readpickle without any integrity or safety check. An attacker who uploads a malicious pickle...
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the handling of LFS object uploads. An attacker can overwrite existing LFS objects across different repositories by uploading objects with the same identifier, potentially leading to...
HSEC-2023-0011 git-annex GPG decryption attack via compromised remote
git-annex GPG decryption attack via compromised remote A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's GPG key. This attack could be used to expose encrypted data that was never stored in git-annex. Daniel Dent discovered this...
The vulnerability in the `front/index.php` script of the NetAlert X network alert infrastructure allows a intruder to bypass security restrictions and gain unauthorized access to protected information.
The vulnerability in the front/index.php script of the NetAlert X network alerting infrastructure is related to incorrect password comparison based on hashes. Exploiting this vulnerability allows an attacker to bypass security restrictions and gain unauthorized access to protected information...
Exploit for CVE-2025-45467
CVE-2025-45467: Insecure Firmware Verification in Unitree Go1...
Security update for kernel-livepatch-MICRO-6-0_Update_2
This update for kernel-livepatch-MICRO-6-0Update2 fixes the following issues: CVE-2024-53237: Fixed bluetooth: fix use-after-free in deviceforeachchild bsc1235008 CVE-2024-53082: Fixed virtionet: Add hashkeylength check bsc1233677 CVE-2024-8805: Fixed BlueZ HID over GATT Profile Improper Access...
TCPDF 安全漏洞
TCPDF is an open source library from Tecnick. It is used to generate PDF documents and barcodes. TCPDF version before 6.8.0 has a security vulnerability , the vulnerability stems from unserializeTCPDFtag use "! =" and does not use the constant-time function to compare TCPDF tag hashes...
golang-fips: Golang FIPS zeroed buffer
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
PT-2023-11866 · WordPress · Wordable
Name of the Vulnerable Software and Affected Versions: Wordable plugin for WordPress versions up to, and including, 3.1.1 Description: The issue is related to authentication bypass due to the use of a user-supplied hashing algorithm passed to the hash hmac function and a loose comparison on the...