Lucene search
+L

421 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago7 views

Malicious code in @oliviamcdaniel12/safer-buffer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55129478b44191f3a4bb3308036567d5e2eb1a73084511b424917b6b5f7bf50f Package impersonates the popular safer-buffer module. On require, safer.js reads a PID from Porting-Buffer.md and, if that process is not alive, spaw...

6.1AI score
Exploits0References3
OSV
OSV
added 3 days ago2 views

MAL-2026-10442 Malicious code in @oliviamcdaniel12/safer-buffer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55129478b44191f3a4bb3308036567d5e2eb1a73084511b424917b6b5f7bf50f Package impersonates the popular safer-buffer module. On require, safer.js reads a PID from Porting-Buffer.md and, if that process is not alive, spaw...

6.1AI score
Exploits0References3
Nuclei
Nuclei
added 3 days ago194 views

Mongo-Express - Remote Code Execution

Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...

9.8CVSS7.4AI score0.74519EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2026/06/29 12:0 a.m.7 views

perl-IO-Compress security update

2.081-2 - Remove use of eval in File::GlobMapper for safer string interpolation - Resolves: RHEL-180411...

7.8CVSS5.8AI score0.00292EPSS
Exploits3
NVD
NVD
added 2026/06/16 8:16 p.m.11 views

CVE-2026-47750

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode...

7.8CVSS0.0018EPSS
Exploits1References3
CVE
CVE
added 2026/06/16 6:17 p.m.71 views

CVE-2026-47750

The CVE-2026-47750 issue affects stable-diffusion.cpp in its pickle (.ckpt) parser (src/model.cpp). A heap buffer overflow occurs in the GLOBAL opcode handler due to missing validation while locating newline-delimited fields; a crafted .ckpt from an untrusted source can cause the parser to copy w...

7.8CVSS5.8AI score0.0018EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/06/16 5:23 p.m.5 views

CVE-2026-47749 stable-diffusion.cpp: Heap buffer overflow in SHORT_BINUNICODE parsing for PyTorch checkpoint files

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORTBINUNICODE parsing for PyTorch checkpoint files. The pickle .ckpt pars...

7.8CVSS6.5AI score0.00203EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/06/08 11:8 p.m.15 views

nebula-mesh: Host advanced overrides allow YAML injection into agent config.yml

internal/configgen/generator.go:86,108,119 interpolates the operator-supplied ListenHost and TunDevice fields raw into a text/template that produces the agent's config.yml. internal/web/advanced.go:20-35 accepts both with only strings.TrimSpace — no character or shape validation. Exploit An...

5.5AI score0.00052EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/04 5:2 p.m.32 views

CVE-2026-10796 nvm executes commands from a malicious Node.js mirror's version strings

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

7.5CVSS0.00464EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.17 views

PT-2026-42752

Name of the Vulnerable Software and Affected Versions Sync-in versions prior to 2.3 Description An issue exists in the URL download feature where the private IP blocklist regex fails to match IPv4-mapped IPv6 addresses, such as ::ffff:127.0.0.1. On dual-stack systems, Node.js may report a socket'...

7.7CVSS5.5AI score0.00221EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in GhostScript

In Artifex Ghostscript version 10.01.2, the gdevijs.c file in GhostPDL can lead to remote code execution through crafted PostScript documents. This occurs because the IJS device can be switched, or the IjsServer parameter can be changed, after SAFER has been activated. NOTE: It is a documented ri...

8.8CVSS8.6AI score0.0468EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: dev/parport: The issue of array out-of-bounds access has been fixed. Array out-of-bounds issues caused by sprintf have been addressed by replacing it with snprintf. This ensures safer data copying and prevents the destination...

7.8CVSS6.5AI score0.00234EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/06 12:0 a.m.24 views

YARA-X 1.16.0

YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/05 1:57 a.m.22 views

CLSA-2026-1777946242 php: Fix of 13 CVEs

CVE-2018-14883: fix int overflow leading to heap overflow in exifthumbnailextract - CVE-2019-6977: fix imagecolormatch out-of-bounds write on heap in GD - CVE-2019-9022: fix memcpy with negative length via crafted DNS response - CVE-2019-9640: fix invalid read in exifprocessSOFn - CVE-2019-11042:...

8.8CVSS7AI score0.9523EPSS
Exploits21References1
NVD
NVD
added 2026/03/26 9:17 p.m.12 views

CVE-2026-33620

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.8 through v0.8.3 accepted the API token from a token URL query parameter in addition to the Authorization header. When a valid API credential is sent in the URL, it can be exposed through...

4.3CVSS0.00273EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/02/06 12:0 a.m.6 views

YARA-X 1.13.0

YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/28 12:0 a.m.4 views

YARA-X 1.12.0

YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...

5.9AI score
Exploits0
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.12 views

Astra Linux – Vulnerability in GhostScript

A issue was discovered in Artifex Ghostscript prior to version 10.03.1. In the file psi/zmisc1.c, when SAFER mode is used, it allows the use of eexec seeds that deviate from the Type 1 standard...

5.5CVSS6.7AI score0.0033EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: tls: Separating the handling of no-async decryption requests from async. If we are not using async, the handling is much simpler. There is no reference counting; we simply need to wait for the completion to wake us up and return...

7.8CVSS6.5AI score0.00143EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.5 views

MiracleLinux 4 : ghostscript-8.70-23.AXS4.2 (AXSA:2017-1651:03)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2017-1651:03 advisory. Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript library, which implements the graphics...

7.8CVSS7.4AI score0.96968EPSS
Exploits7References2
Rows per page
Query Builder