Linux Distros Unpatched Vulnerability : CVE-2026-42305
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows (CVE-2026-42305). Note that Nessus relies on the presence of the package as reported b...
Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
Impact: Arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax: - \ — the Windows path...
freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow
A flaw was found in FreeRDP. A malicious server can exploit a vulnerability in FastGlyph parsing, which improperly trusts data length without sufficient validation. This can lead to a client-side global buffer overflow, resulting in a denial of service (DoS) due to a crash. For this vulnerability t...
PT-2026-32008
Name of the Vulnerable Software and Affected Versions: Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3. Description: Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move function in fileManage.lib.php passes user-controlled path values directly into exe...
Malicious code in merchservicingnodeserv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a4eacdccf8a177ac402bd5896b3033df07685cd3e951476d1e28e341e8e74b4 The package merchservicingnodeserv was found to contain malicious code. Source: ossf-package-analysis...
freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server.
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This vulnerability occurs because the freerdpbitmapdecompressplanar function does not properly validate bitmap dimensions when decompressing planar bitmap data. A malicious server can exploit this by sending...
Malicious code in kiki-tomat22-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 468eeb4b852162e6f4e6df9268a48ba6f99dfb47d7ebe03ec073c62790d3adf5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-125162 Malicious code in bella-kue37-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71841c8fc2dd5d5fdb27d246a6cca1ef4dc72aa85f200b34ade10b8b36083caf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-120785 Malicious code in indah-tongseng41-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3acf8b6942b60e9b271ad352326e21f5066a510429c14ffbd3149213cf5d79d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-74564
Malicious code in hostileskinkviolet-16 npm...
EUVD-2025-76645
Malicious code in hostile_kingfisher-gooddev npm...
EUVD-2025-76646
Malicious code in hostilebison-strongdev npm...
MAL-2025-103800 Malicious code in hostile_kingfisher-gooddev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f2b93839682402940f98efdc67bb0ab3bc800c104d2cded47297d3d626daf1e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-79085
Malicious code in hostile_iguana_z3n npm...
EUVD-2025-79084
Malicious code in hostilepikez3n npm...
EUVD-2025-79083
Malicious code in hostile_wildcat_z3n npm...
Malicious code in hostile_wildcat_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1972a76b41037a7ef282fe32be8ada0433bb59b020a201c8ab6e5cfe1b02734 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hostile_iguana_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83a4c5fa28ca494fda5334131005d612b945d6c75f5d8d52ffd6c5ef8e3f3b33 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hostile_butterfly_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95ce966c01365976e483d2280cdda5ed7319abbc0d1eebc5cf9d3ff8368ec7cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-79086
Malicious code in hostile_butterfly_z3n npm...