
220 matches found

OSSF Malicious Packages
added 2026/05/26 1:0 a.m., 11 views

Malicious code in monade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32631bc0128011d7e526d2665460d2e4562c2d50602e38218e2ad3078635726a [email protected] advertises itself as a JavaScript monad/flow utility library cjs/index.js exports flow, of, opt, ka, dev, yet ships a 976KB UPX-packed...

6 AI score
Exploits: 0, References: 3

AstraLinux
added 2026/05/20 5:53 a.m., 1 view

Astra Linux - vulnerability in linux, linux-5.10

A vulnerability was discovered in the drivers/usb/gadget/function/rndis.c file within the Linux kernel before version 5.16.10. The RNDIS USB gadget does not include validation for the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from the kernel memory...

5.5 CVSS, 6.7 AI score, 0.00712 EPSS
Exploits: 1, References: 2

RedhatCVE
added 2026/05/13 8:22 p.m., 4 views

CVE-2026-41086

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network...

8.8 CVSS, 5.8 AI score, 0.00071 EPSS
Exploits: 0, References: 1

Microsoft CVE
added 2026/05/12 2:0 p.m., 13 views

Visual Studio Code Elevation of Privilege Vulnerability

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

8.8 CVSS, 5.8 AI score, 0.00065 EPSS
Exploits: 0

RedhatCVE
added 2026/05/08 7:33 p.m., 7 views

CVE-2026-43342

A flaw was found in the Linux kernel's USB gadget RNDIS (Remote Network Driver Interface Specification) function. This vulnerability arises from race conditions when RNDIS options are accessed concurrently through configfs, a file system that allows user-space programs to create and manage kernel...

4.7 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits: 0, References: 4

EUVD
added 2026/05/08 3:31 p.m., 6 views

EUVD-2026-28626

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Protect RNDIS options with mutex The class/subclass/protocol options are susceptible to race conditions as they can be accessed concurrently through configfs. Use existing mutex to protect these options. This...

5.8 AI score, 0.00012 EPSS
Exploits: 0, References: 9

NVD
added 2026/05/08 2:16 p.m., 7 views

CVE-2026-43342

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Protect RNDIS options with mutex The class/subclass/protocol options are susceptible to race conditions as they can be accessed concurrently through configfs. Use existing mutex to protect these options. This...

4.7 CVSS, 0.00012 EPSS
Exploits: 0, References: 8

CVE
added 2026/05/08 1:37 p.m., 11 views

CVE-2026-43342

CVE-2026-43342 concerns the Linux kernel USB gadget RNDIS driver (f_rndis). The issue arises from race conditions when RNDIS options (class/subclass/protocol) are accessed concurrently via configfs, enabling unsafe concurrent access. The remediation implemented is to protect these options using a...

4.7 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits: 0, References: 8, Affected Software: 1

Positive Technologies
added 2026/05/08 12:0 a.m., 8 views

PT-2026-38742

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker wi...

3.1 CVSS, 5.8 AI score, 0.00162 EPSS
Exploits: 0, References: 10

Positive Technologies
added 2026/05/08 12:0 a.m., 6 views

PT-2026-38993

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A race condition exists in the USB gadget RNDIS driver where class, subclass, and protocol options can be accessed concurrently through configfs. This issue was discovered during code...

4.7 CVSS, 5.9 AI score, 0.00012 EPSS
Exploits: 0, References: 18

CNNVD
added 2026/05/05 12:0 a.m., 7 views

Google Chrome Resource Management Error Vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reusing of resources after they were released in Chromoting, which could allow remote attackers to execute...

8.8 CVSS, 6.2 AI score, 0.0008 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2026/05/01 8:53 p.m., 1 view

CVE-2026-31722

A flaw was found in the Linux kernel's USB gadget RNDIS (Remote Network Driver Interface Specification) function. During the unbinding process of a USB gadget device, the associated network device (netdevice) may not be correctly reparented, resulting in dangling symbolic links within the system's...

5.5 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2026/04/23 6:31 a.m., 3 views

CVE-2026-34271

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker...

6.5 CVSS, 7.2 AI score, 0.00046 EPSS
Exploits: 0, References: 5

EUVD
added 2026/04/21 9:31 p.m., 3 views

EUVD-2026-24332

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK:...

3.7 CVSS, 5.8 AI score, 0.00066 EPSS
Exploits: 0, References: 2

NVD
added 2026/04/21 9:16 p.m., 1 view

CVE-2026-34289

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager...

5.9 CVSS, 0.00054 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2026/04/21 12:0 a.m., 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011142)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011142 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: rndis_host: Secure rndis_query check against int overflow Variables off and len typed as uint3...

6 AI score, 0.0004 EPSS
Exploits: 0, References: 4

EUVD
added 2026/04/20 11:8 p.m., 1 view

EUVD-2026-24012

OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...

7.6 CVSS, 5.9 AI score, 0.00043 EPSS
Exploits: 0, References: 3

CNNVD
added 2026/03/25 12:0 a.m., 3 views

IBM WebSphere Application Server Liberty Code Issue Vulnerability

IBM WebSphere Application Server Liberty is a Java application server developed by IBM, based on the Open Liberty project. Versions of IBM WebSphere Application Server Liberty 26.0.0.3 and earlier contain code vulnerabilities that are susceptible to server-side request forgery attacks. These...

5.4 CVSS, 7.5 AI score, 0.00042 EPSS
Exploits: 0, References: 3

EUVD
added 2026/03/20 2:24 a.m., 3 views

EUVD-2026-13486

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: REST WebServices and Oracle Web Services Manager product of Oracle Fusion Middleware component: Web Services Security. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable...

9.8 CVSS, 5.8 AI score, 0.00066 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2026/03/10 12:0 a.m., 1 view

PT-2026-24326

Name of the Vulnerable Software and Affected Versions: SQL Server (affected versions not specified). Description: The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a potential SQL injection issue. This allows an authorized attacker to eleva...

9 CVSS, 5.8 AI score, 0.00062 EPSS
Exploits: 0, References: 7