251647 matches found
CVE-2026-43633 HestiaCP 1.9.0-1.9.4 Deserialization RCE via Web Terminal
HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated remote attackers to achieve root-level code execution. Attackers can inject crafted data into HTTP...
CVE-2026-43491
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...
CVE-2026-43491
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...
UBUNTU-CVE-2026-43491
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...
MAL-2026-4167 Malicious code in chai-as-attracted (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc726eb0d6a986c4aa12ce23076c18cffa97d0f840303cac65d06415b42e1f70 The package chai-as-attracted was found to contain malicious code. Source: ghsa-malware...
Malicious code in chai-as-vec (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc2944243ad1e093008da195dce566e63cce55ebe7fe0f5eb98ad71ffaddb81d The package chai-as-vec was found to contain malicious code. Source: ghsa-malware 881a1aaf4a8b84da34d86f9eae83889cf848ee573bc5b1b0323a75edf9789e86 An...
CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...
CVE-2026-43491
The CVE-2026-43491 entry concerns the Linux kernel’s net: qrtr: ns component, where there was no bound on the number of server registrations per node. A malicious client could flood NEW_SERVER messages, exhausting memory. The published fix limits maximum server registrations to 256 per node; if a...
CVE-2026-43491
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...
MAL-2026-4165 Malicious code in paysafe-gbp-virtual-terminal-lib-fe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8437cc0ad1a14bf5694e8b5fbc17a0616033c1c473c6e71f46684172bc122ab3 The package paysafe-gbp-virtual-terminal-lib-fe was found to contain malicious code. Source: ossf-package-analysis...
node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check
A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink...
node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives
A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the...
The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave
Multi-ecosystem supply chain compromise by TeamPCP targets GitHub, NPM, and VSCode to steal credentials and establish persistence...
MAL-2026-4164 Malicious code in identitysecuretokenserv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2704e731d0b82aa5927cf3713f741111b03fe8efb2d886cb0ef472a24705c5e3 The package identitysecuretokenserv was found to contain malicious code. Source: ossf-package-analysis...
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition
Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.10.0 Vulnerability Details CVEID:CVE-2025-69873 DESCRIPTION: ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is...
Malicious code in @openclaw-cn/toutiao-ops (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45eaa4686498502462c3ae8965153661403eedcea111d373214d99d76d433b92 The package @openclaw-cn/toutiao-ops was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3841 Malicious code in @openclaw-cn/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 808f63e2460f19f5e3d3bd28745eaeb5f17a47226ad02c681e11069cd632765d The package @openclaw-cn/cli was found to contain malicious code. Source: ghsa-malware d44ce935cfbfa6f605998045f46eaa7a822658868ff8d774097bf02185e78a...
MAL-2026-4179 Malicious code in vfat-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ee0462aa0f5350c9bd21ced3b826fd647a29c72be05f97f21df514c459cc775a The OpenSSF Package Analysis project identified 'vfat-tools' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in vfat-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ee0462aa0f5350c9bd21ced3b826fd647a29c72be05f97f21df514c459cc775a The OpenSSF Package Analysis project identified 'vfat-tools' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2026-4178 Malicious code in sickle-wrapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cf0ce8be09572968ecc56d1879825b49624c7346a7391f203ea27e9ed0805674 The OpenSSF Package Analysis project identified 'sickle-wrapper' @ 0.2.0 npm as malicious. It is considered malicious because: - The package...