12152 matches found
ROOT-APP-NPM-AIKIDO-2026-10724 AIKIDO-2026-10724 in @rootio/vm2 - Patched by Root
Root has patched AIKIDO-2026-10724 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
CVE-2026-49353 9Router: Local-Only Access Gate Bypass in 9router via Host Header SpoofING
9Router is an AI router & token saver. In 0.4.45 and earlier, 9Router's src/dashboardGuard.js local-only access gate used Host and Origin headers in isLocalRequest to protect /api/mcp/, /api/tunnel/, and /api/cli-tools/, allowing header spoofing in reverse proxy or tunnel deployments to reach MCP...
CVE-2026-49353
Summary (CVE-2026-49353): 9Router before 0.4.46 has a local‑only access gate in src/dashboardGuard.js that relies on Host and Origin headers to classify requests as local. In proxied/tunneled deployments (reverse proxy, Cloudflare Tunnel, Tailscale), these headers are attacker‑controlled, enablin...
kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...
kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...
kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...
CVE-2025-8412
The CVE-2025-8412 entry concerns the SUSE Virtual Machine Driver Pack. A BUFFER overflow can occur in the RtlQueryRegistryValues function when an attacker able to modify the registry interacts with the driver, affecting integrity. Affected scope is the Virtual Machine Driver Pack up to the build ...
EUVD-2025-210459
A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in SUSE Virtual Machine Driver Pack allows an attacker with the ability to modify the registry to affect the integrity of the driver. We're not aware of a feasible way to exploit this currently. This issue affect...
CVE-2025-8412
A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in SUSE Virtual Machine Driver Pack allows an attacker with the ability to modify the registry to affect the integrity of the driver. We're not aware of a feasible way to exploit this currently. This issue affect...
kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...
Malicious code in flick-test-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67f05e70375ac31032fb4fc3abf302d1c1122bf01504f810aa74d9fe59066d36 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...
Malicious code in abuden223 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16b3eb424174fa150faf06029c6808e9bb0e7e235b73c0b9fc8a6fe33e32fa8b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e18070e680629849560dab1723a73f80d61312d0a9efe429b0c8f43b2177bbd The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in omglucidesotuff (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d144d98f0e90909ee371acfeeec0ad2ffe44450335ddf7f7a58f71a53dc7b107 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in pure-folder-three (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e83bf74d7c84c48a1a478d7bb40bbd899c4fda613f1512b66184d3de478b480 [email protected] executes attacker-controlled shell commands on install and on import. The postinstall entry src/build.js decodes an obfuscate...
RLSA-2026:36956 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: ets: Always remove class from active list before deleting in etsqdiscchange CVE-2025-71066 kernel: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL...
CVE-2026-45196
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation...
CVE-2026-45203
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...
EUVD-2026-43043
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...