Lucene search
+L

2615 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: A memory leak has been fixed in the ipcpciereadbioscfg function. The ipcpciereadbioscfg function uses acpievaluatedsm to obtain the wwan power state configuration from the BIOS. However, it does not free the...

5.5CVSS6.1AI score0.00164EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When receiving rendering data via IPC mStream, it might have been destroyed during initialization, which could lead to a use-after-free condition and potentially cause a crash. This vulnerability affects Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2...

6.5CVSS6.7AI score0.00545EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Chromium

The use of “after free” in Mojo IPC in Google Chrome before version 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.00651EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: cifs: fixed a potential race condition when creating a tree that connects to IPC. Protected access to TCPServerInfo::hostname when building the IPC tree’s name, as the name might be freed by the cifsd thread, potentially causi...

6AI score0.00167EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-mtrace: prevents underflow in sofipc4prioritymaskdfswrite. The “id” field comes from the user. The type of this field should be changed to unsigned to prevent an array underflow...

7.8CVSS5.8AI score0.00235EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: The function ipcvalidatemsg now validates the response sizes. This function calculates the expected message size for each response type by adding or multiplying attacker-controlled fields from the daemon’s response to a...

7.1CVSS6AI score0.00125EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fixed a potential use-after-free issue in the work function. When a reset notify IPC message is received, the ISR schedules a work function and passes the ISHTP device to it via a global pointer called...

7.8CVSS5.6AI score0.0017EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A memory overflow vulnerability was discovered in the ipc functionality of the memcg subsystem in the Linux kernel. This vulnerability occurs when a user calls the semget function multiple times, thereby creating semaphores. This flaw allows a local user to deplete resources, resulting in a denia...

5.5CVSS6.7AI score0.00345EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 1:42 p.m.21 views

Moderate: Red Hat Security Advisory: systemd security update

An update for systemd is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

5.5CVSS6.2AI score0.00121EPSS
Exploits0References2
AlmaLinux
AlmaLinux
added 2026/05/19 12:0 a.m.16 views

Moderate: systemd security update

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...

5.5CVSS6.2AI score0.00121EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/14 9:0 p.m.11 views

Embedded Malicious Code

Overview node-ipc is an A nodejs module for local and remote Inter Process Communication IPC, Neural Networking, and able to facilitate machine learning. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals an advanced credential-stealing infostealer. A...

9.8CVSS6AI score
Exploits0References2
The Hacker News
The Hacker News
added 2026/05/14 5:22 p.m.20 views

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious - [email protected] [email protected]...

6.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 4:53 p.m.16 views

Malicious code in node-ipc (npm)

Three versions of node-ipc 9.1.6, 9.2.3, 12.0.1 were published to npm on May 14, 2026 by a compromised maintainer account atiertant. Each version contains an identical 80KB obfuscated payload appended to node-ipc.cjs that steals over 100 categories of sensitive files SSH keys, cloud provider...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/05/14 4:53 p.m.8 views

MAL-2026-3744 Malicious code in node-ipc (npm)

Three versions of node-ipc 9.1.6, 9.2.3, 12.0.1 were published to npm on May 14, 2026 by a compromised maintainer account atiertant. Each version contains an identical 80KB obfuscated payload appended to node-ipc.cjs that steals over 100 categories of sensitive files SSH keys, cloud provider...

5.8AI score
Exploits0References6
CVE
CVE
added 2026/05/14 2:51 p.m.17 views

CVE-2026-44482

CVE-2026-44482 affects the SoundCloud Client app (soundcloud-rpc) built on Electron. Before 0.1.8, a track title could contain an HTML payload that, via the preload API window.soundcloudAPI.sendTrackUpdate and IPC to the Electron main process, is rendered as raw HTML in privileged views with Node...

9.6CVSS6AI score0.00336EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 4:47 p.m.34 views

CVE-2026-42045 LobeHub: Cross-Site Scripting(XSS) escalate to Remote Code Execution(RCE)

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/features/Portal/Artifacts/Body/Renderer/index.tsx, if no type match is found, it will choose to call the...

6.2CVSS0.00266EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

LobeHub 跨站脚本漏洞

LobeHub is an open-source AI dialogue framework developed by LobeHub. Versions of LobeHub prior to 2.1.48 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper filtering during the processing of custom tags, which could lead to cross-site scripting attacks and t...

6.2CVSS5.9AI score0.00266EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/09 2:39 a.m.8 views

SUSE CVE-2026-43274

In the Linux kernel, the following vulnerability has been resolved: mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchpipcgetclusteraggrirq The clustercfg array is dynamically allocated to hold per-CPU configuration structures, with its size based on the number of online CPUs. Previously, thi...

8.4CVSS5.7AI score0.00131EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 6:37 p.m.7 views

GHSA-37J4-88RP-2F6H Electerm's full process.env exposed to renderer via window.pre.env

Impact The getConstants IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. The data is stored as window.pre.env and is accessible from any JavaScript running in the renderer e.g., via the DevTools console or a compromised webview context...

6.5CVSS6AI score0.00103EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/08 6:34 p.m.10 views

EUVD-2026-28512

Electerm runWidget has a path traversal that leads to arbitrary code execution...

8.4CVSS6.3AI score0.00167EPSS
Exploits0References3
Rows per page
Query Builder