CVE-2025-15326

Tanium addressed an improper access controls vulnerability in Patch...

CVE-2025-15337 Tanium addressed an incorrect default permissions vulnerability in Patch.

Tanium addressed an incorrect default permissions vulnerability in Patch...

EUVD-2026-5371

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVE-2026-24477 AnythingLLM has key leak in `systemSettings.js`

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

CVE-2026-24001 jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...

jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch

Impact Attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore...

CVE-2025-15013

A vulnerability was identified in floooh sokol up to 5d11344150973f15e16d3ec4ee7550a73fb995e0. The impacted element is the function sgvalidatepipelinedesc in the library sokolgfx.h. Such manipulation leads to stack-based buffer overflow. The attack must be carried out locally. The exploit is...

EUVD-2025-202929

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups /api/prompts/groups/:groupId. However, the request bodies are not sufficiently validated for prop...

EUVD-2019-5066

Malware in sbrugna...

EUVD-2014-9447

Malware in sbrugna...

EUVD-2017-14641

Malware in sbrugna...

EUVD-2004-2682

Malware in sbrugna...

EUVD-2021-1022

Malware in sbrugna...

EUVD-2015-1555

Malware in sbrugna...

EUVD-2010-1699

Malware in sbrugna...

EUVD-2018-13506

Malware in sbrugna...

EUVD-2025-24049

Malicious code in bioql PyPI...

GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.

...

Linux Distros Unpatched Vulnerability : CVE-2023-2977

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardoshaveverifyrcpackage. The attacker can supply a smart...

Linux Distros Unpatched Vulnerability : CVE-2018-20230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function readbytesinternal in utilities/pspp-dump-sav.c, which allows...