OPENSUSE-SU-2026:21122-1 Security update for tomcat10
This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.55: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling (bsc#1265162). - CVE-2026-41293: HTTP/2 request headers not validated (bsc#1265163). - CVE-2026-42498: WebSocket authentication header exposure (bsc#1265165)....
Cross-Site Scripting (XSS)
Angular is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of namespaced script elements and attributes in the @angular/compiler and @angular/core packages, which allows an attacker to inject specially crafted namespaced templates that bypass Angular's...
Improper Request Routing
http-proxy-middleware is vulnerable to improper request routing. The vulnerability is due to unanchored substring matching in the host+path router selector logic, where configured host+path entries are matched against attacker-controlled request metadata using partial string comparisons instead o...
Denial Of Service (DoS)
@angular/common is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient validation of the format parameter in the formatDate function, which allows an attacker to supply a maliciously crafted, excessively long date format string, causing excessive CPU and memory consumpti...
MAL-2026-6234 Malicious code in yian666aikf (npm)
Source: amazon-inspector f96776bdaabacae768376d5c1ff3543f77d94b41298d3d01365032817c3cd53e [email protected] advertises itself as a lightweight string-manipulation utility library, but its only on-install effect is to launch a reverse shell...
MAL-2026-6235 Malicious code in yianzzkf6687 (npm)
Source: amazon-inspector a59a0aee58573b3030b9d541980fa9d7df8ea55d4e6cc5b3bb349452b908d0e9 On npm install, the postinstall hook scripts/postinstall.js detach-spawns scripts/shell.js with detached: true, stdio: 'ignore', windowsHide: true an...
ghidra-12.1.2-rce-ace-calc-poc
Ghidra 12.1.2 Conditional ACE/RCE Calc PoCs This repository p...
SUSE CVE-2026-12047
HTML injection in pgAdmin 4's cloud deployment module. The verifycredentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception text - and the related file-resolution and database-commit...
SUSE CVE-2026-12050
SQL injection in pgAdmin 4's named restore point endpoint POST /browser/server/restorepoint/gid/sid. The user-supplied 'value' field was interpolated directly into the SQL string with str.format instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected...
SUSE CVE-2026-48930
A flaw in Node.js TLS hostname handling: embedded-NUL hostnames can lead to silent authority rebinding due to C-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
[SECURITY] Fedora 43 Update: perl-Config-IniFiles-3.001000-1.fc43
Config::IniFiles provides a way to have readable configuration files outside your Perl script. Configurations can be imported (inherited, stacked, ...), sections can be grouped, and settings can be accessed from a tied hash...
[SECURITY] Fedora 44 Update: perl-Config-IniFiles-3.001000-1.fc44
Config::IniFiles provides a way to have readable configuration files outside your Perl script. Configurations can be imported (inherited, stacked, ...), sections can be grouped, and settings can be accessed from a tied hash...
kernel: Buffer overflow in drivers/xen/sys-hypervisor.c
A flaw was found in the Linux kernel. A buffer overflow vulnerability exists in the Xen hypervisor driver drivers/xen/sys-hypervisor.c. This flaw occurs because the HYPERVISOR_xen_version(XENVER_build_id) call returns a build ID that is not properly NUL-terminated. When the buildid_show function...
Linux Distros Unpatched Vulnerability : CVE-2026-48933
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported...
Photon OS 5.0: Linux PHSA-2026-5.0-0888
An update of the linux package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0888. The text itself is copyright (C) VMware, Inc....
SUSE SLES12 Security Update : dnsmasq (SUSE-SU-2026:2458-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2458-1 advisory. This update for dnsmasq fixes the following issues: - CVE-2026-2291: VU#471747: dnsmasq can be abused to record false cached data enabling DoS or...
RockyLinux 10 : postfix (RLSA-2026:25930)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25930 advisory. postfix: buffer over-read via malformed enhanced status code (CVE-2026-43964). Tenable has extracted the preceding description block directly from the RockyLinux...
Linux Distros Unpatched Vulnerability : CVE-2026-48818
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as...