Malicious code in webmd-debug (npm)
Source: amazon-inspector a5693e1af021faa1bcf410e9bdf757b9deebbae4505daa969275ef365e719227 The package webmd-debug was found to contain malicious code. Source: ghsa-malware b74e0fa5da459a8e2a346f0ad74dcf61ebdf972a7840b7f61292e46ea5aa58db An...
Malicious code in ofjaaah-internal-utils (npm)
Source: amazon-inspector 9c8da6b0f3c7cb67171e251f86fdcd13d4809a9e46e59259c7fca02d1e463cab The package ofjaaah-internal-utils was found to contain malicious code. Source: ghsa-malware...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000613)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000613 advisory. The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive...
Astra Linux - vulnerability in openssl
Issue summary: PBMAC1 parameters in PKCS12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial o...
Mozilla -- multiple vulnerabilities
Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Denial-of-service in the DOM: Service Workers component. Information...
China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines
Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far back as February 2024. Cybersecurity firm Huntress, which observed the activity in December 2025 and...
CVE-2023-31289
Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort...
CVE-2018-14867
Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters...
CVE-2019-11867
Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to do any size checking on an input buffer from user space, which the driver assumes has a size greater than zero bytes. To exploit this vulnerability, an attacker must send an IRP with a system buffer size of 0...
CVE-2020-10905
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
CVE-2023-25518
NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of...
CVE-2022-27834
Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions...
CVE-2022-27658
Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000238)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000238 advisory. A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process use wrong...
CVE-2025-68547
Missing Authorization vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Follow My Blog Post: from n/a through <= 2.4.0...
CVE-2026-21447
Bagisto is an open source Laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order...
CVE-2025-15390
A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for...
PT-2025-54348
Name of the Vulnerable Software and Affected Versions: Realbig versions through 1.1.3. Description: An authorization issue exists in Realbig due to incorrectly configured access control security levels. This allows for potential exploitation of the system. Recommendations: Update Realbig to a version...
MAL-2025-192974 Malicious code in rt-interactive-card-collection (npm)
Source: amazon-inspector 9858817ec5f5e5af9db5f5033c3626e4214faa07e1169e950573bbca309a975e The package rt-interactive-card-collection was found to contain malicious code. Source: ghsa-malware...
Stack-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the sgvalidatepipelinedesc function. An attacker can execute arbitrary code or cause a crash by supplying crafted input that triggers a stack-based buffer overflow. Remediation: A fix was pushed into the...