172 matches found
Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability
Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core SignalR and Blazor Server. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service...
Malicious code in @emcd-vue/auth (npm)
Part of a coordinated multi-package supply-chain attack impersonating EMCD (emcd.io), a legitimate Russian cryptocurrency exchange and mining pool. The attacker registered the @emcd-vue npm scope to pose as an internal Vue.js front-end tooling package from "EMCD Platform Engineering." The package...
@vibedeckx/linux-x64 (=0.1.12), @waggle-ai/waggle (=1.0.0) +1 more potentially affected by CVE-2026-34076 via @clerk/fastify (=3.1.32)
@clerk/fastify NPM version =3.1.32 is affected by a known vulnerability. The following packages have a transitive dependency on @clerk/fastify and may be impacted: - @vibedeckx/linux-x64 =0.1.12 - @waggle-ai/waggle =1.0.0 - vibedeckx =0.1.12 Source cves: CVE-2026-34076 Source advisory:...
Incorrect Default Permissions
Overview: Affected versions of this package are vulnerable to Incorrect Default Permissions. An attacker can gain elevated privileges by exploiting these permissions locally. Remediation: Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 10.0.4 or higher. References: - Vulnerability Advisor...
EUVD-2025-198922
Malicious code in @postman/pm-bin-linux-x64 npm...
Malicious code in @postman/pm-bin-linux-x64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94045a09bfa0905195be4f028d9e42bcf608154a645b14b2028754dc6e787b80 The package @postman/pm-bin-linux-x64 was found to contain malicious code. Source: google-open-source-security...
postman-cli (>=1.16.0-canary.1 <=1.24.2) potentially affected by unknown CVE via @postman/pm-bin-linux-x64 (>=1.16.0-canary.1 <=1.24.2)
@postman/pm-bin-linux-x64 NPM version =1.16.0-canary.1, =1.16.0-canary.1, =1.24.2 Source cves: unknown CVE Source advisory: SNYK:JS-POSTMANPMBINLINUXX64-14103292...
Malicious code in athira-linux-x64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2e427393183e173f65795c42251b41cf0af7ad267e64f05e6651dc4e0766b150 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4470 Malicious code in athira-linux-x64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2e427393183e173f65795c42251b41cf0af7ad267e64f05e6651dc4e0766b150 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Buffer Over-read
Overview: Affected versions of this package are vulnerable to Buffer Over-read through the loading of a specially crafted file. Remediation: Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 8.0.12, 9.0.1 or higher. References: - GitHub Issue - GitHub Issue - Security Advisory...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow. An attacker can execute arbitrary code by sending malicious requests designed to exploit the vulnerability. Remediation: Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 9.0.1 or higher. References: -...
Malicious code in sharp-linux-x64 (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9842 Malicious code in sharp-linux-x64 (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in sharp-libvips-linux-x64 (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9841 Malicious code in sharp-libvips-linux-x64 (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in nx-linux-x64-gnu (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9738 Malicious code in nx-linux-x64-gnu (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in cli-linux-x64 (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-25707
There is a reflected cross-site scripting vulnerability in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 that allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in their own browser (Self XSS). A...
CVE-2024-25707 BUG-000160241 - Reflected XSS in Portal for ArcGIS
There is a reflected cross-site scripting vulnerability in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 that allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in their own browser (Self XSS). A...