252649 matches found
Malicious code in dgxeon-soket-buttonx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a92a6c68bc523541697f8bb80096a0b9425efac6c8413c08e4dea82afad4e4a The package dgxeon-soket-buttonx was found to contain malicious code. Source: ghsa-malware...
Malicious code in dgxeon-baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d41bea5fa12db95f82f32ef9f61f3e7dc60e7ef381589dff3780e758c19441f5 The package dgxeon-baileys was found to contain malicious code. Source: ghsa-malware 6c59d91ff6ae7727c79a7dfac9d7a7251193e519cf4f1f846a7368c1db065340...
Malicious Package
Overview: secure-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
MAL-2026-2251 Malicious code in testtestsharp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d76d90d4c0413d045792eb3caf31ab7aa89d88854a891b2327107997b39eef91 The package testtestsharp was found to contain malicious code. Source: ghsa-malware a60a14bbd40854d1657cc0976cb3cd48a5cf74e75ed0be4db3d263ccbb782392...
CVE-2026-33726
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) with a local backend on the same node, when Per-Endpoint Routing is...
EUVD-2026-16420
In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls an...
EUVD-2026-16422
Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hook_node_insert consumers for example, email attachment...
CVE-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) with a local backend on the same node, when Per-Endpoint Routing is...
CVE-2026-33726
CVE-2026-33726 affects Cilium’s eBPF dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) on the same node when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing...
flannel command injection vulnerability
Flannel is an open-source Kubernetes cluster networking solution developed by flannel-io. Versions of Flannel prior to 0.28.2 contained a command injection vulnerability. This vulnerability originated from the experimental Extension backend. Attackers could exploit this vulnerability by setting u...
Linux Distros Unpatched Vulnerability : CVE-2026-33532
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior...
PT-2026-28604
Name of the Vulnerable Software and Affected Versions: Zebra versions prior to 4.3.0. Description: A flaw exists in Zebra’s transaction processing logic that allows a remote, unauthenticated attacker to cause a Zebra node to crash. This is triggered by sending a specially crafted V5 transaction that...
Important: nodejs20
Issue Overview: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be...
PT-2026-51782
Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.25; n8n versions prior to 2.11.2. Description: An authenticated user with permissions to create or modify workflows can exploit a flaw in the CSS sanitization of the Form Trigger node to store a cross-site scripting XS...
PT-2026-28434
Name of the Vulnerable Software and Affected Versions: Flannel versions prior to 0.28.2. Description: Flannel, a network fabric for containers designed for Kubernetes, contains a command injection issue in its experimental Extension backend. An attacker who can set Kubernetes Node annotations can...
CVE-2026-0748
A flaw was found in the Drupal 7 Internationalization (i18n) module, specifically within its i18n_node submodule. A user possessing both "Translate content" and "Administer content translations" permissions can exploit this vulnerability. By utilizing the translation user interface (UI) and its...
CVE-2026-33713
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...
CVE-2026-33696
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying crafted parameters as part...