@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +27 more potentially affected by unknown CVE via @tanstack/start-server-core (>=1.121.0-alpha.28 <=1.167.3)

@tanstack/start-server-core NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.0.14, =1.20.3-alpha.1, =1.111.10, =1.121.23, =0.0.1, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.114.29, =1.121.23, =1.121.0-alpha.28, =1.97.4, =1.111.10, =1.121.0-alpha.28, =1.169.18 and more Source cves: unknown CVE Source...

@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +27 more potentially affected by unknown CVE via @tanstack/start-server-core (>=1.121.0-alpha.28 <=1.167.3)

@tanstack/start-server-core NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.0.14, =1.20.3-alpha.1, =1.111.10, =1.121.23, =0.0.1, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.114.29, =1.121.23, =1.121.0-alpha.28, =1.97.4, =1.111.10, =1.121.0-alpha.28, =1.169.18 and more Source cves: unknown CVE Source...

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' through an upstream type-confusion bug in seroval package. An attacker can trigger unintended execution of a different client-referenced server function by sending a specially...

CVE-2026-46419

Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...

PT-2026-40845

Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...

@alivault/pico (>=0.1.0 <=0.1.2), @ardeora/start-devtools (>=1.0.0 <=1.0.1) +109 more potentially affected by unknown CVE via @tanstack/start-server-core (>=1.121.0-alpha.28 <=1.167.30)

@tanstack/start-server-core NPM version =1.121.0-alpha.28, =0.1.0, =1.0.0, =0.0.1, =0.5.2, =0.1.1, =0.0.4, =1.0.0, =0.2.0, =0.2.0, =0.1.1, =0.2.0, =0.2.0, =0.1.14, =0.1.0, =0.1.38 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3490...

Malicious code in @tanstack/start-server-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7db0631bb410a51551790c0b55b574d53aea5d7a677439e6f3cf877503317658 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3490 Malicious code in @tanstack/start-server-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7db0631bb410a51551790c0b55b574d53aea5d7a677439e6f3cf877503317658 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Microsoft Windows Kernel 安全漏洞

The Microsoft Windows Kernel is the kernel of the Windows operating system developed by Microsoft Corporation. There are security vulnerabilities in the Microsoft Windows Kernel. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are affecte...

Microsoft Windows Kernel 安全漏洞

The Microsoft Windows Kernel is the kernel of the Windows operating system developed by Microsoft Corporation. There are security vulnerabilities present in the Microsoft Windows Kernel. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are...

Microsoft Windows DNS 安全漏洞

Microsoft Windows DNS is a domain name resolution service provided by Microsoft Corporation. The Domain Name System DNS is one of the industry-standard protocol suites that includes TCP/IP. Both DNS clients and DNS servers work together to provide name resolution services, mapping computer names ...

Microsoft Windows TCP/IP 代码问题漏洞

Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There are code-related vulnerabilities in Microsoft Windows TCP/IP. Attackers can exploit these vulnerabilities to cause system denial-of-service attacks. The followin...

Microsoft Win32k 输入验证错误漏洞

Microsoft Win32k is a system file used for multi-user management in Windows by Microsoft Corporation. There is an input validation vulnerability present in Microsoft Win32k. The following products and versions are affected: Windows 10 Version 1809 for 32-bit systems, Windows 10 Version 1809 for...

Microsoft Win32k 竞争条件问题漏洞

Microsoft Win32k is a system file used by Microsoft for multi-user management in Windows. There are competitive conditions vulnerabilities associated with Microsoft Win32k. The following products and versions are affected: Windows Server 2019 Server Core installation, Windows Server 2022, Windows...

Microsoft Windows TCP/IP 安全漏洞

Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There are security vulnerabilities present in Microsoft Windows TCP/IP. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems,...

Microsoft Win32k 输入验证错误漏洞

Microsoft Win32k is a system file used for multi-user management in Windows by Microsoft Corporation. There is an input validation vulnerability present in Microsoft Win32k. The following products and versions are affected: Windows 10 Version 1809 for 32-bit systems, Windows 10 Version 1809 for...

Microsoft Windows 资源管理错误漏洞

Microsoft Windows is an operating system used on personal devices by the American company Microsoft. There is a resource management vulnerability in Microsoft Windows. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected: Windows...

Microsoft Windows 访问控制错误漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a vulnerability related to access control in Microsoft Windows. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected: Windo...

Microsoft Win32k 安全漏洞

Microsoft Win32k is a system file used by Microsoft for multi-user management in Windows operating systems. There are security vulnerabilities in Microsoft Win32k. Attackers can exploit these vulnerabilities to execute code remotely. The following products and versions are affected: Windows 11...

Microsoft Win32k 竞争条件问题漏洞

Microsoft Win32k is a system file used for multi-user management in Windows by Microsoft Corporation. There are vulnerabilities related to the behavior of Microsoft Win32k. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for...