CVE-2026-8879 CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

CVE-2026-8879

CVE-2026-8879 affects the Securly Chrome Extension (v3.0.7). It dynamically registers content13.min.js as a content script at runtime via chrome.scripting.registerContentScripts(), bypassing manifest.json and the Chrome Web Store review. The script runs on all URLs, hides page content, displays a...

PT-2026-46051

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software dynamically registers content13.min.js as a content script at runtime using the chrome.scripting.registerContentScripts function. Because this script is not declared in the...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the percpuref in the md/md-llbitmap driver. This vulnerability causes permanent damage if the pau...

PT-2026-43459

Summary The renderLimit option — documented in docs/source/tutorials/dos.md as the mechanism that "mitigates this by limiting the time consumed by each render call" — can be fully bypassed by a % for % or % tablerow % tag whose body is empty. The per-iteration time check is reached only when the...

Malicious code in koishi-plugin-fusheng-car (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35bbb2f7cdae32f1a5012363b81298fd339c96b83718db535d77c0bdc0f936ec lib/index.js contains a hardcoded base64-encoded QQ user ID 'Mjc1OTcyMDE2MQ==' decoding to '2759720161' checked inside the plugin's permission gate...

PT-2026-43221

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed the race condition between balance operations and cancel/pause requests. Syzbot reported a panic that appears as follows: Assertion failed: fsinfo-exclusiveoperation == BTRFSEXCLOPBALANCEPAUSED, in fs/btrfs/ioctl.c:4...

CVE-2026-42592

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when i...

curl: HTTP/3 paused transfer buffers incoming data without bound up to ~1 GiB

Hi all, When a libcurl application's CURLOPTWRITEFUNCTION returns CURLWRITEFUNCPAUSE, libcurl routes subsequent incoming body data through cw-pause lib/cw-pause.c. The bufq inside cw-pause is initialised with BUFQOPTSOFTLIMIT and a chunk size of 16 KiB lib/cw-pause.c:51-52, which causes bufq to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs/dax: Fix "don't skip locked entries when scanning entries" Commit 6be3e21d25ca "fs/dax: don't skip locked entries when scanning entries" introduced a new function, waitentryunlockedexclusive, which waits for the current entry ...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed the BUGON condition in btrfscancelbalance. Pausing and canceling balance can race to interrupt balance, leading to a BUGON panic in btrfscancelbalance. The BUGON condition in btrfs CancelBalance does not take this ra...

@keep-network/tbtc-v2 revealing P2PKH deposit with a wrapped P2SH script

Overview P2PKH has 20 bytes just like P2SH. We protect against revealing P2PKH deposits by manually assembling the expected P2SH script in the smart contract and comparing hashes. However, we missed the case when the attacker embeds a valid P2SH inside of P2PKH as an output script. bitcoin-spv...

Malicious Package

Overview chai-as-pause is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-1013 Malicious code in chai-as-pause (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6bc450b711e5bfeca160d6a4836ce78f7da759812438fbf0701cf8c2f95e38d The package chai-as-pause was found to contain malicious code. Source: ghsa-malware 58583a4b9f33e23b3cafb853c51539fbe79e149a4d6e5cdfafa98713d32e64cd...

Malicious code in chai-as-pause (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6bc450b711e5bfeca160d6a4836ce78f7da759812438fbf0701cf8c2f95e38d The package chai-as-pause was found to contain malicious code. Source: ghsa-malware 58583a4b9f33e23b3cafb853c51539fbe79e149a4d6e5cdfafa98713d32e64cd...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect setting of the pause state for the calctarget component. This vulnerability may cau...

CVE-2025-71104

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer When advancing the target expiration for the guest's APIC timer in periodic mode, set the expiration to "now" if the target expiration is in the past...

CVE-2025-71104 KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer When advancing the target expiration for the guest's APIC timer in periodic mode, set the expiration to "now" if the target expiration is in the past...