Lucene search
K

63 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fixed a deadlock between nfcunregisterdevice and rfkillfopwrite. A deadlock can occur between nfcunregisterdevice and rfkillfopwrite due to the inverted lock order between devicelock and rfkillglobalmutex. The problemat...

5.5CVSS5.5AI score0.00089EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: NFC: NULLed the dev-rfkill to prevent UAF The commit 3e3b5dfcd16a “NFC: reordered the logic in nfcun,registerdevice” assumes that the deviceisregistered function in the nfcdevup function will help to check when the rfkill is...

7.8CVSS6.4AI score0.00264EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 2:51 a.m.10 views

Malicious code in @my_name_is_khn/express-security-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b7e17fc1e874d13547ace24c7b21593ce1eb13337d0d877a89c7a372974ee42 On npm install, the package's postinstall hook scripts/inject.js locates the installer's host project root, identifies the main entry file index.js,...

5.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 2:50 a.m.10 views

Malicious code in express-self-destruct (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0097503a7ecd7b5e3b97213de29b36d5e957a305f7829cc45f43aa5aa3da817 On npm install, the package's postinstall hook node scripts/inject.js walks up from the install directory to locate the consumer's project root and...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/06/11 2:50 a.m.10 views

MAL-2026-5553 Malicious code in express-self-destruct (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0097503a7ecd7b5e3b97213de29b36d5e957a305f7829cc45f43aa5aa3da817 On npm install, the package's postinstall hook node scripts/inject.js walks up from the install directory to locate the consumer's project root and...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 7:4 a.m.17 views

Malicious code in @emcd-vue/auth (npm)

Part of a coordinated multi-package supply-chain attack impersonating EMCD emcd.io, a legitimate Russian cryptocurrency exchange and mining pool. The attacker registered the @emcd-vue npm scope to pose as an internal Vue.js front-end tooling package from "EMCD Platform Engineering." The package...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 12:0 a.m.15 views

Malicious code in @t-in-one/safe_local_storage_token (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 12:0 a.m.12 views

Malicious code in @t-in-one/form_product_token (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 12:0 a.m.13 views

Malicious code in @t-in-one/application_id_storage_key_token (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/29 12:0 a.m.9 views

MAL-2026-5039 Malicious code in @t-in-one/get_application_hid (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/29 12:0 a.m.10 views

MAL-2026-5044 Malicious code in @t-in-one/restore_application_hid_from_storage (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 2:39 p.m.13 views

Malicious code in pywingui (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6db77876bf3b13e55750748761841f7ab77f17bd951bdc1c749e1e56d4416d7e pywingui 6.0.1 advertises itself as a Win32 UI automation framework but ships only Nuitka-compiled cp311-win32.pyd binaries the 4.py files are trivia...

5.8AI score
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2026/03/26 8:6 a.m.3 views

wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()

...

7.8CVSS5.8AI score0.00126EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.4 views

CVE-2026-29781

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting...

6.5CVSS5.8AI score0.00504EPSS
Exploits1References1
NVD
NVD
added 2026/03/07 4:15 p.m.13 views

CVE-2026-29781

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting...

6.5CVSS0.00504EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/07 3:25 p.m.5 views

CVE-2026-29781

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting...

5.3CVSS5.8AI score0.00504EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/07 3:25 p.m.38 views

CVE-2026-29781 Sliver: Authenticated Nil-Pointer Dereference in Handlers

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting...

5.3CVSS0.00504EPSS
Exploits1References1
CVE
CVE
added 2026/03/07 3:25 p.m.23 views

CVE-2026-29781

Technical details about CVE-2026-29781 are not provided in the connected documents. Public info in these sources confirms the CVE exists but lacks affected product-specific details, root cause, or patch info. Monitor for official advisories.

6.5CVSS5.8AI score0.00504EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/07 3:25 p.m.5 views

CVE-2026-29781 Sliver: Authenticated Nil-Pointer Dereference in Handlers

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting...

5.3CVSS5.8AI score0.00504EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/05 12:26 a.m.9 views

Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers

Executive Summary A vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting nested fields in a signed message, an authenticated actor can trigger an unhandled runtime panic...

6.5CVSS6AI score0.00504EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder