233 matches found
Improper Validation of Specified Type of Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the DispatchMDBMessageListenerImpl method. An attacker can achieve arbitrary code execution by providing crafted values in the JCA deployment descriptor ra.xml or runtime activation...
CVE-2026-50633
The CVE-2026-50633 issue is a JNDI Injection vulnerability in Apache CXF’s JCA integration module (DispatchMDBMessageListenerImpl). The vulnerability allows code execution when an attacker can manipulate the JCA deployment descriptor (ra.xml) or runtime activation parameters. Affected software is...
CVE-2026-50633 Apache CXF: JNDI Injection vulnerability in DispatchMDBMessageListenerImpl
A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to manipulate the JCA deployment descriptor ra.xml or runtime activation parameters. Users are recommended to upgrade to versions 4.2.2 or 4.1.7,...
CVE-2026-45108
Himmelblau (interoperability suite for Microsoft Azure Entra ID and Intune) contains an authentication bypass in the Device Authorization Grant (DAG) flow for versions 2.0.0–3.1.4 and 2.3.0–2.3.10. The root cause is in token_validate, which verified domain aliases but did not ensure the authentic...
CVE-2026-23124
In the Linux kernel, the following vulnerability has been resolved: ipv6: annotate data-race in ndiscrouterdiscovery syzbot found that ndiscrouterdiscovery could read and write in6dev-ramtu without holding a lock 1 This looks fine, IFLAINET6RAMTU is best effort. Add READONCE/WRITEONCE to document...
CVE-2026-23124
In the Linux kernel, the following vulnerability has been resolved: ipv6: annotate data-race in ndiscrouterdiscovery syzbot found that ndiscrouterdiscovery could read and write in6dev-ramtu without holding a lock 1 This looks fine, IFLAINET6RAMTU is best effort. Add READONCE/WRITEONCE to document...
EUVD-2026-5912
In the Linux kernel, the following vulnerability has been resolved: ipv6: annotate data-race in ndiscrouterdiscovery syzbot found that ndiscrouterdiscovery could read and write in6dev-ramtu without holding a lock 1 This looks fine, IFLAINET6RAMTU is best effort. Add READONCE/WRITEONCE to document...
CVE-2026-23124 ipv6: annotate data-race in ndisc_router_discovery()
In the Linux kernel, the following vulnerability has been resolved: ipv6: annotate data-race in ndiscrouterdiscovery syzbot found that ndiscrouterdiscovery could read and write in6dev-ramtu without holding a lock 1 This looks fine, IFLAINET6RAMTU is best effort. Add READONCE/WRITEONCE to document...
CVE-2026-23124
In the Linux kernel, the following vulnerability has been resolved: ipv6: annotate data-race in ndiscrouterdiscovery syzbot found that ndiscrouterdiscovery could read and write in6dev-ramtu without holding a lock 1 This looks fine, IFLAINET6RAMTU is best effort. Add READONCE/WRITEONCE to document...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the data competition between ndiscrouterdiscovery and in6dev-ramtu in IPv6, potentially leading t...
Linux Distros Unpatched Vulnerability : CVE-2025-68350
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - exfat: fix divide-by-zero in exfatallocatebitmap The variable maxracount can be 0 in exfatallocatebitmap, which causes a divide-by-zero error in the subsequent...
EUVD-2025-205104
In the Linux kernel, the following vulnerability has been resolved: exfat: fix divide-by-zero in exfatallocatebitmap The variable maxracount can be 0 in exfatallocatebitmap, which causes a divide-by-zero error in the subsequent modulo operation i % maxracount, leading to a system crash. When...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check the maxracount value, which could result in a divide-by-zero error...
Malicious code in ra-auth-firebase (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ddebb70a73861543e5a68b94eb70a9b3e2fa3726a977ef776f8ef3fc75f0e76 The package ra-auth-firebase was found to contain malicious code. Source: ghsa-malware d4c20e629d2ccf83a4cc1a771392c0f879de71df77471d5e822fc511e415cb...
EUVD-2025-199268
Malicious code in ra-auth-firebase npm...
MAL-2025-191413 Malicious code in ra-auth-firebase (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ddebb70a73861543e5a68b94eb70a9b3e2fa3726a977ef776f8ef3fc75f0e76 The package ra-auth-firebase was found to contain malicious code. Source: ghsa-malware d4c20e629d2ccf83a4cc1a771392c0f879de71df77471d5e822fc511e415cb...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
MAL-2025-190864 Malicious code in ra-data-firebase (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e18e2fda31999ba999f5629853253dd8ff93b75237944d8c2971c2f54381cc13 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ra-data-firebase (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e18e2fda31999ba999f5629853253dd8ff93b75237944d8c2971c2f54381cc13 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-198963
Malicious code in ra-data-firebase npm...