11966 matches found
EulerOS Virtualization 2.13.0 : systemd (EulerOS-SA-2026-2419)
According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config...
EulerOS Virtualization 2.13.1 : systemd (EulerOS-SA-2026-2390)
According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config...
Exploit for Use After Free in Linux Linux_Kernel
CVE-2026-23111 nftables LPE: exposure check and safe lab Def...
CVE-2026-49495
Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential stri...
MAL-2026-5657 Malicious code in @iobeya/spa-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9a974281dcc6456d815e6cb8b755c3084c7ba2d4026264474e459681a9a25cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ozonex-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b5e40322806de6c1fc8ca77941438b3481f3f12059a9c34d13645c2a4b8a82c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in 0x2ai-demo6 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f4a43a40af9e707d98ed55406b0ff32dccaad352fccf5d1eaaca41b9959d924 On npm install, scripts/postinstall.cjs writes .mcp.json into the installer's working directory INITCWD wiring Claude Code to a packaged MCP server...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...
EUVD-2026-36197
Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is...
CVE-2026-47213 BoxLite: Timeout Bypass Vulnerability
Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is...
CVE-2026-49759
CVE-2026-49759 affects Erlang OTP erts inet_drv SCTP error handling. The sctp_parse_error_chunk() writes cause codes into a fixed-size stack-allocated spec[] without bounds checks, allowing a remote attacker who has SCTP access to overflow the stack and crash the BEAM VM (DoS). A crafted SCTP ERR...
EEF-CVE-2026-49759 Stack buffer overflow in SCTP error cause parsing in inet_drv allows remote VM crash
Summary Stack-based Buffer Overflow vulnerability in Erlang OTP erts inet\drv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctp\parse\error\chunk function in erts/emulator/drivers/common/inet\drv.c parses SCTP ERROR chunks and writes...
CVE-2026-52759
Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O binary with an arbitrarily large ncmds load command count value, forcing the parser to allocate...
MAL-2026-5492 Malicious code in xnder-wrapper-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ff6538b76e9f03f65d8f16113bb6b606a59e59c172e9facb7de6ce0b523a7fb package.json declares "postinstall": "node scripts/script.js", causing scripts/script.js to run automatically on every npm install. That file is the...
NSA Ghidra 安全漏洞
NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Previous versions of NSA Ghidra, such as version 12.1, contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the...