276193 matches found
python311-uv-0.10.11-1.1 on GA media (moderate)
python311-uv-0.10.11-1.1 on GA media Announcement ID: openSUSE-SU-2026:10380-1 Rating: moderate Cross-References: CVE-2026-31812 CVSS scores: CVE-2026-31812 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-31812 SUSE : 6.9...
CVE-2026-32722
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
CVE-2026-2992
creationtimestamp| type| source ---|---|--- 2026-03-18 18:42:08+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhe5bkut732u 2026-03-18 19:06:20+00:00| seen| https://bsky.app/profile/potato.software/post/3mhe6mutq2p2w...
EUVD-2026-12829
The "Privileged Helper" component of the Arturia Software Center MacOS does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to connect to the helper and execute privileged actions leading to local privilege escalation...
EUVD-2026-12831
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
0.edsql (>=1.0.49 <=1.0.50), 10secondsofcode-custom (=1.0.0) +1928 more potentially affected by CVE-2026-33151 via socket.io-parser (>=4.0.1-rc1 <=4.2.5)
socket.io-parser NPM version =4.0.1-rc1, =1.0.49, =1.0.0, =0.0.28, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.0.1, =0.8.2, =1.0.0, =0.1.13, =0.0.4, =0.0.9 and more Source cves: CVE-2026-33151 Source advisory: OSV:GHSA-677M-J7P3-52F9...
CVE-2026-32610 Glances's Default CORS Configuration Allows Cross-Origin Credential Theft
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets alloworigins="" combined with allowcredentials=True. When both of these options are enabled together, Starlette's CORSMiddlewa...
CVE-2026-24062
The "Privileged Helper" component of the Arturia Software Center MacOS does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to connect to the helper and execute privileged actions leading to local privilege escalation...
CVE-2026-24063
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
CVE-2026-24063 World-writable uninstall script executed as root in Arturia Software Center
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
CVE-2026-24063 World-writable uninstall script executed as root in Arturia Software Center
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
CVE-2026-24063
The CVE concerns Arturia Software Center on macOS. A plugin install creates an uninstall.sh script in a root-owned path with 777 permissions, writable by any user. During plugin uninstall, the Privileged Helper is instructed to execute this script. If an attacker manipulates the script, this can ...
CVE-2026-24063
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
CVE-2026-24062 Insufficient XPC Client validation leading to local privilege escalation in Arturia Software Center
The "Privileged Helper" component of the Arturia Software Center MacOS does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to connect to the helper and execute privileged actions leading to local privilege escalation...
CVE-2026-24062
The "Privileged Helper" component of the Arturia Software Center MacOS does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to connect to the helper and execute privileged actions leading to local privilege escalation...
CVE-2026-24062
The CVE-2026-24062 entry describes an issue in the MacOS Privileged Helper of Arturia Software Center where the Privileged Helper does not perform sufficient client code signature validation during XPC connections. This allows an attacker to connect to the helper and execute privileged actions, r...
CVE-2026-24062 Insufficient XPC Client validation leading to local privilege escalation in Arturia Software Center
The "Privileged Helper" component of the Arturia Software Center MacOS does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to connect to the helper and execute privileged actions leading to local privilege escalation...
Malicious code in technical-assignment (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bb4466031b35e68c6b2433674215383e95538391f583e01c1800c758a61c53b The package technical-assignment was found to contain malicious code...
Malicious code in sky-enablement (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9712856e1dd6e76d395507a76c21d01a945d4e5490e0d747384212a4a8b7c6df The package sky-enablement was found to contain malicious code...
Malicious code in hydra-node-consent-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e998f8c12c66f99b303fcb859d154aef24479204cf099b789871a4ee1a9943c The package hydra-node-consent-sdk was found to contain malicious code...