MAL-2026-4430 Malicious code in @saidddddddddd/somethingelse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10c6c962a47a7992e9b415754433ca28aec0b867273e477fdc76acc96688554d Package ships multiple multi-file randomly-named JavaScript bundles at the tarball root dist/0wj8nina9p.js, dist/g2gldlcg6a.js, dist/k72k75nqjc.js,...

CVE-2025-11379

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...

WordPress plugin NEX-Forms – Ultimate Form Builder – Contact forms and much more 信息泄露漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin NEX-Forms - Ultimate Form Builder - Contact forms and much...

Linux Distros Unpatched Vulnerability : CVE-2023-31124

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cros...

The vulnerability of the autotools CARES_RANDOM_FILE component in the C-ares asynchronous DNS query library allows a attacker to compromise the integrity of the protected information.

The vulnerability of the CARESRANDOMFILE component in the C-ares asynchronous DNS query library is related to the use of rand as a backup mechanism. This allows attackers to exploit the absence of entropy, without using CSPRNG. Exploiting this vulnerability enables remote attackers to compromise...

c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

AutoTools does not set CARES_RANDOM_FILE during cross compilation

...

SUSE CVE-2023-31124

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack ...

SUSE-SU-2020:3231-1 Security update for yast2-multipath

This update for yast2-multipath to version 3.2.2 fixes the following issues: - CVE-2018-17955: Use random file name instead of static names bsc1117592...

CVE-2019-19702

The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML...

PYSEC-2019-251

The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML...

glibc: getaddrinfo() writes DNS queries to random file descriptors under high load

It was discovered that, under certain circumstances, glibc's getaddrinfo function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application...

glibc: getaddrinfo() writes DNS queries to random file descriptors under high load

It was discovered that, under certain circumstances, glibc's getaddrinfo function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application...