McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting

McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request. id: CVE-2017-4011 info: name: McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting...

FreeRDP 资源管理错误漏洞

FreeRDP is an open-source implementation of the Remote Desktop Protocol RDP by the FreeRDP team. Versions of FreeRDP prior to 3.26.0 contained a resource management vulnerability. This vulnerability stemmed from the RDPEAR NDR parser acceptingNDR pointers with multiple logical pointer fields. It...

Linux Distros Unpatched Vulnerability : CVE-2026-49014

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry...

EUVD-2026-31517

Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network...

Malicious code in payment-account-input-selector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12187e6fb4ae4d3a411cea0c3ec8b995e1091a9cf78219db9fbcdac87540aabf On npm install, preinstall.js collects hostname, username, platform, cwd, timestamp, and a full dump of os.networkInterfaces and HTTP-GETs them as...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: Use a static NDP16 location within the URB. The original code allowed the start of NDP16 to be anywhere within the URB, based on the wNdpIndex value in NTH16. Only the start position of NDP16 was checked, which ma...

Astra Linux - уязвимость в chromium

Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic...

MAL-2026-3646 Malicious code in erslove (npm)

erslove is a typosquatting package impersonating resolve, the module resolution library implementing require.resolve semantics. The package bundles the legitimate resolve source and test fixtures to appear functional while hiding a credential-theft payload in index1.js, executed at install time v...

MAL-2026-3380 Malicious code in justinleaguekems (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 039b35e6547b64dd3e28ba9e178b9716447f88d6bd9558766c9ffe8850262d99 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

MAL-2026-3386 Malicious code in yeahmankema (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e82095096c026f9ea1f8a44e7b94b0f9def1346ef887a8a6bb4e11aedc5abd63 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

Malicious code in yeahmankema (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e82095096c026f9ea1f8a44e7b94b0f9def1346ef887a8a6bb4e11aedc5abd63 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

Malicious code in crayrandomiz (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 70d147758fe5288bee2adc712e45b7836211b83ce0b209fd42a31e4b3696bbf2 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

MAL-2026-3367 Malicious code in crayrandomiz (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 70d147758fe5288bee2adc712e45b7836211b83ce0b209fd42a31e4b3696bbf2 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

EUVD-2025-209663

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...

Oracle GoldenGate 安全漏洞

Oracle GoldenGate is a comprehensive software package developed by Oracle Corporation in the United States, used for real-time data integration and replication in IT environments. This product supports real-time data integration, transaction-based change data capture, data services, transformatio...

CVE-2026-33703

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the /social-network/personal-data/userId endpoint allows any authenticated user to access full personal data and API tokens of arbitrary users by modifying the userId...

SUSE CVE-2026-31405

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ulemandatoryexthandlers and uleoptionalexthandlers tables in handleoneuleextension are declared with 255 elements valid indices 0-254, but the index htype is deriv...

CVE-2026-31405

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ulemandatoryexthandlers and uleoptionalexthandlers tables in handleoneuleextension are declared with 255 elements valid indices 0-254, but the index htype is deriv...

CVE-2026-23448

A flaw was found in the Linux kernel's cdcncm module. An incorrect bounds check in the cdcncmrxverifyndp16 function, responsible for validating Network Data Protocol NDP entries, allows Datagram Pointer Entries DPE to extend beyond the intended buffer. This can lead to an out-of-bounds read when...

CVE-2026-23447

The CVE-2026-23447 issue concerns the Linux kernel USB CDC NCM driver (cdc_ncm). The root cause is a bounds-check failure in handling NDP32 frames where the DPE array size is not correctly validated against the skb length due to neglecting ndpoffset, allowing out-of-bounds reads when an NDP32 sit...