735 matches found
MAL-2026-5792 Malicious code in nativescript-swisspost-imagepicker (npm)
Source: amazon-inspector b2271ce1525f722f302ee59b9de3270020e6d1aa84d74cc2972cb6ffa34d9a62. package.json declares preinstall: node index.js. On npm install, index.js reads process.env.INITCWD (the installing project's working directory), takes...
Astra Linux - vulnerability in firefox, thunderbird
Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free condition, potentially causing a crash that can be exploited. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
Malicious code in chalk-tempalte (npm)
Source: amazon-inspector d3e82f6fa2867575be5e57fd3b03dada6a93761c97b240f77f98f4b221bde7a7. Package name chalk-tempalte is a single-character transposition of the popular chalk-template package (a top-tier npm utility), consistent with...
SUSE CVE-2026-7573
An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy (roles and permissions) for any user across all organizations by supplying targeted Name and Org...
GHSA-3C93-G9G6-P5J4 Velocidex Velociraptor has an authorization bypass vulnerability
An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy (roles and permissions) for any user across all organizations by supplying targeted Name and Org...
RHCOS 4 : OpenShift Container Platform 4.16.44 (RHSA-2025:10782)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10782 advisory. - net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871). Note that Nessus has not tested for this...
RHCOS 4 : OpenShift Container Platform 4.19.1 (RHSA-2025:9279)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9279 advisory. - net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871). Note that Nessus has not tested for this...
CVE-2026-3805
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...
Linux Distros Unpatched Vulnerability : CVE-2026-3805
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. (CVE-2026-3805) Note that Nessus...
CVE-2026-26102
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...
CVE-2026-26096
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...
CVE-2026-26101
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...
CVE-2026-2333
Improper Neutralization of Special Elements used in a Command 'Command Injection' in Owl opds 2.2.0.4 allows Command Injection via a crafted network request...
CVE-2026-26093
Improper Neutralization of Special Elements used in a Command 'Command Injection' in Owl opds 2.2.0.4 allows Command Injection via a crafted network request...
CVE-2026-26095
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...
CVE-2026-26097
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...
CVE-2026-26099
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...