Malicious code in @giftyhq/widget-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ad3f12a6a12fbfa60e4a72747df6974f89906200568926b99a8c93c489b5e62 package.json declares "preinstall": "node index.js", which fires automatically on npm install. index.js collects host fingerprinting data —...

MAL-2026-4523 Malicious code in claude-channel-imessage (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9751c370c062cb40bccb874f46679ad3ca8ba9d3b49d0d8ba1f924d9582e53a3 On npm install, postinstall.js executes whoami and id, reads os.hostname, os.platform, process.cwd, and the CI, GITHUBREPOSITORY, and NODEENV...

PT-2026-37627

Name of the Vulnerable Software and Affected Versions Apache::Session::Generate::ModUniqueId versions 1.54 through 1.94 Description Apache::Session::Generate::ModUniqueId uses the UNIQUE ID environment variable for session identifiers. This variable is generated by the Apache mod unique id plugin...

CVE-2025-59098

CVE-2025-59098 describes a trace/debug facility in the dormakaba Access Manager. The trace is exposed via a plain TCP socket with no authentication or encryption, and TraceClient.exe can connect through the web interface to receive debug output. The verbosity is configurable via HTTP(S) with the ...

EUVD-2011-0515

Malware in sbrugna...

CVE-2022-49671 RDMA/cm: Fix memory leak in ib_cm_insert_listen

In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix memory leak in ibcminsertlisten cmallocidpriv allocates resource for the cmidpriv. When cminitlisten fails it doesn't free it, leading to memory leak. Add the missing error unwind...

Unspecified Vulnerability in Selesta Visual Access Manager (CNVD-2025-22662)

Selesta Visual Access Manager is a visual access manager from Selesta. A security vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to modify and receive ID-related computer POST parameters via POST HTTP request interception...

CVE-2023-29156

DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection. An attacker can exploit this vulnerability by injecting, at the right times, spoofed Open Drone ID ODID messages which force the DroneScout ds230 Remote ID...

SUSE CVE-2011-0495

Stack-based buffer overflow in the asturiencode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary...

CVE-2021-30898

An access issue was addressed with additional sandbox restrictions on third party applications. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to access some of the user's Apple ID information, or recent in-app search terms...

PT-2021-18949 · Apple · Ios +1

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15 iPadOS versions prior to 15 Description: An access issue was addressed with additional sandbox restrictions on third-party applications. A malicious application may be able to access some of the user's Apple ID...

Apple iOS 和 iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for the iPad tablet computer. There are security vulnerabilities in Apple iOS and iPadOS. A malicious application may be able to access...

CVE-2020-12857

Caching of GATT characteristic values TempID in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe...

USN-4328-1 thunderbird vulnerabilities

It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. CVE-2020-6792 Mutiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an...

CVE-2011-0495

Stack-based buffer overflow in the asturiencode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary...

CVE-2011-0495

CVE-2011-0495 affects Asterisk Open Source prior to the fixed versions listed in multiple advisories. The issue is a stack-based buffer overflow in ast_uri_encode in main/utils.c that can be triggered by crafted caller ID data and exploited via (1) SIP channel driver, (2) URIENCODE dialplan funct...