251691 matches found
EUVD-2026-26524
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi-nrpages in f2fswriteendio The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the panic is as follows:...
CVE-2026-31715 f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi-nrpages in f2fswriteendio The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the panic is as follows:...
CVE-2026-31715
In Linux kernel (f2fs), CVE-2026-31715 is a use-after-free triggered by decrementing sbi->nr_pages[] during F2FS_WB_CP_DATA handling. The root cause is that f2fs_put_super() calls iput(sbi->node_inode) and NULLs the node_inode after the counter reaches zero, allowing f2fs_in_warm_node_list(...
Malicious Package
Overview blackbeards-navigator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in path-addon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11d09848fb828ae851ef7b905f793e3b5876ee2a5ef4b4f8bf06d631ea904d78 On require'path-addon', top-level code in path.js fetches a base64-encoded URL decoding to https://www.jsonkeeper.com/b/YEHJY and passes the response...
MAL-2026-3310 Malicious code in gweb-build-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e936ec36e6d3de012d7e5815e450c5339f9e297b8b605bb7ccc64a441fd0d5ef The package gweb-build-system was found to contain malicious code. Source: ghsa-malware...
Exploit for CVE-2026-31431
CVE-2026-31431 Mitigation for Deckhouse Kubernetes Platform...
EUVD-2026-26474
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...
CVE-2026-42994
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...
CVE-2026-42994
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...
Exploit for CVE-2026-31431
CVE-2026-31431 / GHSA-2274-3hgr-wxv6 — algifaead Remediator...
PT-2026-36295
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...
n8n Node.js Package < 1.123.32 / 2.x < 2.17.4 / 2.18.x < 2.18.1 XML Node Prototype Pollution RCE (GHSA-hqr4-h3xv-9m3r)
The version of the n8n Node.js Package installed on the remote host is prior to 1.123.32, 2.x prior to 2.17.4, or 2.18.x prior to 2.18.1. It is, therefore, affected by a remote code execution vulnerability: - An authorized user with workflow creation or modification capabilities can exploit...
PT-2026-38392
Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description A sandbox escape allows sandboxed code to crash the host Node.js process. This occurs when a Promise constructor triggers an unhandled rejection that propagates to the host. Specifically, when sandboxed...
PT-2026-36470
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the XFS file system during the inactivation of an inode with node-format extended attributes. The function xfs attr3 node inactive invalidates child leaf or node block...
Bitwarden CLI 操作系统命令注入漏洞
Bitwarden CLI is a command-line password management tool provided by Bitwarden Corporation. Version 2026.4.0 of Bitwarden CLI contains a vulnerability related to operating system command injection, which stems from the embedding of malicious code when retrieving it via npm...
PT-2026-36345
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free condition exists in the f2fs component of the Linux kernel. The issue occurs in the f2fs write end io function when sbi-nr pagesF2FS WB CP DATA is decremented to zero...
PT-2026-36458
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the qrtr tx flow component. The radix tree create function allocates and links intermediate nodes into the tree sequentially. If a subsequent allocation fails,...
MAL-2026-3313 Malicious code in service-gateway (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0624202d6a746245b4be59c683dc5b0ca64a43bc9524db9388f9f0a7be45d57 The package service-gateway was found to contain malicious code. Source: ghsa-malware 0e3831827037ebf97303c3c075e47b0e1ece3d2c6b38ca75aa2b3d1f7d0a2f0...
Malicious code in intercom-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31f6931321619f69c7d1da208b4dffb8162d8ef83b0c9ee16539a8d8620ccbcc The package intercom-client was found to contain malicious code. Source: ghsa-malware 2d01b1077a26ddef79a7421bd98e7e2e9dd6a8d2447f41c2cfe3fb5e35f9631...