251691 matches found
Astra Linux - vulnerability in node-loader-utils
A prototype pollution vulnerability exists in the parseQuery function in parseQuery.js, within the webpack-loader-utils module. This issue affects all versions prior to 1.4.1 and 2.0.3...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: sai: fixed the OF node leak during probe operations. The reference to the sync provider’s OF node during platform device probing is currently only dropped if the set_sync callback fails during DAI probe. Ensure that t...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerabilities have been resolved: ARM: exynos: Fixed a refcount leak in exynos_map_pmu. The of_find_matching_node function returns a node pointer with a refcount incremented. We should use of_node_put on this pointer when it is no longer needed. Added missing of_node_p...
Astra Linux - vulnerability in libraw
In LibRaw, there is an out-of-bounds write vulnerability within the "new_node" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm/damon/ops-common: ignore migration requests to invalid nodes. The damon_migrate_pages function attempts migration even if the target node is invalid. If users mistakenly make such invalid requests via the DAMOS_MIGRATE_{HOT,COLD}...
Astra Linux - vulnerability in node-body-parser
body-parser is a Node.js body parsing middleware. body-parser version 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue has...
Astra Linux - vulnerability in node-ini
This affects the package ini before version 1.3.6. If an attacker submits a malicious INI file to an application that parses it using ini.parse, they will corrupt the prototype within the application. This can be further exploited depending on the context...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8195: Fixed error handling in mt8195_mt6359_rt1019_rt5682_dev_probe. The device_node pointer is returned by of_parse_phandle, with the refcount incremented. We should use of_node_put on it after that operation. This...
Astra Linux - vulnerability in node-minimatch
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appea...
Astra Linux - vulnerability in node-tar
node-tar is a fully featured Tar library for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink within the extraction directory that points to a file outside of the extraction root. This allows arbitrary file reading and writing b...
websec-sql-injection
WebSec SQL Injection Educational backend project on security in...
@aaasd/pocpoc (=99.99.9996), internal-company-module-test-1337 (>=99.99.9991 <=99.99.9995) potentially affected by unknown CVE via internal-company-module-test-1337 (=99.99.9996)
internal-company-module-test-1337 NPM version =99.99.9996 is affected by a known vulnerability. The following packages have a transitive dependency on internal-company-module-test-1337 and may be impacted: - @aaasd/pocpoc =99.99.9996 - internal-company-module-test-1337 =99.99.9991, =99.99.9995...
MAL-2026-3297 Malicious code in ally-call-wait-time (npm)
Source: amazon-inspector 20246193f2fbde13a2dccd6325c1d46a7fec7e8491b4df3ae6fefa85eff99bbf The package ally-call-wait-time was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3289 Malicious code in @allybank/ally-sdk (npm)
Source: amazon-inspector d33aa2edae61b25d620c43d0a5a6223ff28bd128a7fdb5525d25b5c867d52568 The package @allybank/ally-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3295 Malicious code in ally-antivirus (npm)
Source: amazon-inspector 7e5527c47f32b162abebfbbb8a15c8871ef050e5e0b07f8096b573cab2e6dfec The package ally-antivirus was found to contain malicious code. Source: ghsa-malware 094da0aa0245426ad224e9b2a072377a3c07bfc191bc3fab1d2060cdeaf79387...
MAL-2026-3292 Malicious code in @breeze-ai/ui-library (npm)
Source: amazon-inspector 7ca524608c9ab3d41715be26a354c2a643216f0bb79c8aec50de4f5e6b6ee523 The package @breeze-ai/ui-library was found to contain malicious code. Source: ghsa-malware...
Malicious code in apcyber-test-package (npm)
Source: amazon-inspector 4386e2b20fb74fe5b131a23550b9550b4539a3f79056ea8ad08f502453409737 The package apcyber-test-package was found to contain malicious code. Source: ghsa-malware...
Malicious code in ally-whitelist (npm)
Source: amazon-inspector db0425c83302370ea529e2baaabc1ada94b5515fb01d3437ed45bbc766e4e8f4 The package ally-whitelist was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3290 Malicious code in @allyfinancial/allyfinancial-api (npm)
Source: amazon-inspector 274ff2ac2c7d1051fa268e63d390bb70d6b731bcdaebb94f87251067b62d37af The package @allyfinancial/allyfinancial-api was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3301 Malicious code in ally-json-threat-protect (npm)
Source: amazon-inspector cb4a9c944048dc2fdb9d7ee1039eff0984813556164a746b249d5e4aaa80069f The package ally-json-threat-protect was found to contain malicious code. Source: ghsa-malware...