25 matches found
DEBIAN-CVE-2026-11225
Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Low...
MAL-2026-4431 Malicious code in @scp3500/openvl (npm)
Source: amazon-inspector fee1ab6796d8af462e9f00e82a28545b72eae4d9d9f0ab0f36ca4b09cd29487c scripts/mcpserver.js loads child_process, fs, and http, reads from process.env, and issues HTTP POST requests to a hardcoded external destination at...
Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()
The v4_is_invalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED (0.0.0.0). An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 (GHSA-7723-35v7-qcxw), and reac...
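The entry above describes a classic SSRF-filter gap: an address check that enumerates loopback, private, link-local and broadcast ranges but omits the unspecified address 0.0.0.0, which on Linux a connect() call routes to the local host. The block below is an added illustration, not code from activitypub-federation-rust; the function names `v4_is_invalid_vulnerable`, `v4_is_invalid_fixed` and `check_resolved_target` and the sample addresses are assumptions made for this example, and the vulnerable version is a reduced reconstruction of the shape of such a check rather than the project's actual code.

```rust
use std::net::Ipv4Addr;

/// Hypothetical reconstruction (not the project's code) of an SSRF address
/// filter that rejects loopback, RFC 1918, link-local and broadcast
/// addresses but forgets the unspecified address 0.0.0.0.
pub fn v4_is_invalid_vulnerable(addr: Ipv4Addr) -> bool {
    addr.is_loopback()          // 127.0.0.0/8
        || addr.is_private()    // 10/8, 172.16/12, 192.168/16
        || addr.is_link_local() // 169.254/16
        || addr.is_broadcast()  // 255.255.255.255
}

/// Hardened version: additionally rejects Ipv4Addr::UNSPECIFIED.
/// On Linux, connect() to 0.0.0.0 is delivered to the local host, so a
/// remote domain whose A record is 0.0.0.0 reaches services bound on
/// loopback exactly as 127.0.0.1 would.
pub fn v4_is_invalid_fixed(addr: Ipv4Addr) -> bool {
    addr.is_unspecified() || v4_is_invalid_vulnerable(addr)
}

/// Simulates the fetch path of a federation client: the attacker-controlled
/// domain has already been resolved to `resolved`, and the filter decides
/// whether an HTTP request to it would be issued. Returns the address when
/// the connection would go ahead, an error when it is refused.
pub fn check_resolved_target(
    resolved: Ipv4Addr,
    is_invalid: fn(Ipv4Addr) -> bool,
) -> Result<Ipv4Addr, String> {
    if is_invalid(resolved) {
        Err(format!("refusing to connect to {resolved}"))
    } else {
        Ok(resolved)
    }
}

fn main() {
    // Constructed sample: three addresses the attacker's domain could
    // resolve to. Only the middle one slips past the vulnerable filter.
    let samples = [
        Ipv4Addr::new(127, 0, 0, 1),
        Ipv4Addr::UNSPECIFIED,
        Ipv4Addr::new(93, 184, 216, 34),
    ];
    for addr in samples {
        println!(
            "{addr:>16}  vulnerable allows: {:<5}  fixed allows: {}",
            check_resolved_target(addr, v4_is_invalid_vulnerable).is_ok(),
            check_resolved_target(addr, v4_is_invalid_fixed).is_ok()
        );
    }
}
```

The practical check for any SSRF filter is the same one this example encodes: resolve the hostname yourself, run every returned address through the filter, and make sure the deny list covers `is_unspecified()` (and, for IPv6, `::` and IPv4-mapped forms) rather than only the textbook private ranges.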
EUVD-2015-2841
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-16855
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while...
Malicious code in graph-studio-billing-contracts (npm)
Source: ghsa-malware afd4325b249b7dfad124c21ffe39f85d2e38f1b6c2d31361f81e821adb8365ea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
A vulnerability in the WebKit web page rendering module in macOS, iOS and iPadOS allows attackers to intercept DNS requests while Private Relay is enabled.
A vulnerability in the WebKit web page rendering module in macOS, iOS and iPadOS stems from a lack of protection for service data. Exploiting this vulnerability allows a malicious actor to remotely intercept DNS requests while Private Relay is enabled...
Malvertisers Using Google Ads to Target Users Searching for Popular Software
Details have emerged about a malvertising campaign that leverages Google Ads to direct users searching for popular software to fictitious landing pages and distribute next-stage payloads. Malwarebytes, which discovered the activity, said it's "unique in its way to fingerprint users and distribute...
SUSE CVE-2004-0836
Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length)...
SUSE CVE-2018-16855
An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash...
UBUNTU-CVE-2021-38018
Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page...
Knockpy 4.1.1 CSV Injection
Exploit Title: Knockpy 4.1.1 - CSV Injection Author: Dolev Farhi Date: 2020-12-29 Vendor Homepage: https://github.com/guelfoweb/knock Version : 4.1.1 Tested on: Debian 9.13 Knockpy, as part of its subdomain brute forcing flow of a remote domain, issues a HEAD request to the server to fetch detail...
DEBIAN-CVE-2019-13676
Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page...
DEBIAN-CVE-2018-16855
An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash...
CVE-2017-12844
Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name...
DEBIAN-CVE-2017-5930
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...
A vulnerability in Xen hypervisors allows a malicious actor to trigger a service failure
A vulnerability in the libxl toolstack library of Xen hypervisors lies in the improper handling of the file mappings created for kernels and disk images during initial domain setup when several domains are handled within the same process. Exploiting this vulnerability can allow a malicious act...
Xen unspecified domctl operation denial of service vulnerability
Xen is a hypervisor that allows multiple operating systems to run simultaneously on one host. A security vulnerability exists in Xen when using toolstack disaggregation: a remote domain with partial management control can cause a denial of service via an...
CVE-2015-2751
Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations...