5676 matches found
MAL-2026-10564 Malicious code in micro-ui-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be44655a47177f3740201ddb9dc66db080b9f665354c78bcebeb9a2da3b11b7f On npm install, the package's postinstall script postinstall.js reads os.hostname and sends it as a query parameter in a plain-HTTP GET to a hardcode...
MAL-2026-10557 Malicious code in @cw-ui/micro-ui-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b558c8d90850ea9817e236b445ba2bc1020a35a81a099a5e1575ef705b00bd39 On npm install, postinstall.js reads the installer's hostname via os.hostname and sends it as a query parameter to a hardcoded bare-IP HTTP endpoint:...
Malicious code in micro-ui-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be44655a47177f3740201ddb9dc66db080b9f665354c78bcebeb9a2da3b11b7f On npm install, the package's postinstall script postinstall.js reads os.hostname and sends it as a query parameter in a plain-HTTP GET to a hardcode...
WordPress Contact Form by Supsystic - Server-Side Template Injection
Contact Form by Supsystic WordPress plugin = 1.7.36 contains a server-side template injection caused by unsandboxed TwigLoaderString and cfsPreFill functionality, letting unauthenticated attackers execute arbitrary code remotely via GET parameters. id: CVE-2026-4257 info: name: WordPress Contact...
Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS : LibRaw vulnerabilities (USN-8522-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8522-1 advisory. It was discovered that LibRaw incorrectly handled certain Nikon RAW image files. An attacker could possibly use this issue to cau...
Malicious code in type-slint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b5cd26e040f4f4366ed65cca4b70258d276f781e0aab76b99b5573d4007a97d The npm package [email protected] masquerades as the pino logger copied module layout, exports as module.exports.pino, keywords fast/logger/stream/jso...
CVE-2026-55760
Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, applications that pass user-controlled input to Handlebars.compile using FileTemplateLoader or ClassPathTemplateLoader are vulnerable to path traversal, allowing arbitrary file read through template nam...
CVE-2026-29008
U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...
Malicious code in chai-presentation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d078bac337fe2c1b76c757c29d286fc750be585db65f30f5d696038c2ea0d3a On require, index.js issues an HTTPS GET to https://www.jsonkeeper.com/b/PC5CK and passes the response's cookie field to new Function'require',...,...
CVE-2026-29008 U-Boot 2026.04-rc3 Integer Underflow DoS via tcp_rx_state_machine()
U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...
PYSEC-2026-1313 docling-core vulnerable to Remote Code Execution via unsafe PyYAML usage
Impact A PyYAML-related Remote Code Execution RCE vulnerability, namely CVE-2020-14343, is exposed in docling-core =2.21.0, 2.48.4 and, specifically only if the application uses pyyaml 5.4 and invokes doclingcore.types.doc.DoclingDocument.loadfromyaml passing it untrusted YAML data. Patches The...
PYSEC-2026-1515 Langchain Community Vulnerable to XML External Entity (XXE) Attacks
The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity XXE attacks due to insecure XML parsing. The vulnerability arises from the use of etree.iterparse without disabling external entity references, which can lead to sensitive informati...
ROOT-APP-NPM-CVE-2022-37599 CVE-2022-37599 in @rootio/loader-utils - Patched by Root
Root has patched CVE-2022-37599 in the @rootio/loader-utils package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2022-37601 CVE-2022-37601 in @rootio/loader-utils - Patched by Root
Root has patched CVE-2022-37601 in the @rootio/loader-utils package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2022-37603 CVE-2022-37603 in @rootio/loader-utils - Patched by Root
Root has patched CVE-2022-37603 in the @rootio/loader-utils package for Root:npm. Multiple fixed versions available...
Linux Distros Unpatched Vulnerability : CVE-2026-59089
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Tab...
CVE-2026-59089
A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table CLUT due to an integer overflow. This occurs when multiplying numcolors and numcluts, both 16-bit unsigned short integers, resulting i...
CVE-2026-59089
A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table CLUT due to an integer overflow. This occurs when multiplying numcolors and numcluts, both 16-bit unsigned short integers, resulting i...
CVE-2026-59089
GIMP contains a vulnerability in its PlayStation TIM loader: the CLUT size is computed by multiplying two 16-bit unsigned values (num_colors and num_cluts), which can overflow and exceed integer limits. This overflow triggers undefined behavior that causes the GIMP plug-in to abort when processin...
Linux Distros Unpatched Vulnerability : CVE-2026-14610
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file...