CVE-2019-25388

The vulnerability CVE-2019-25388 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, specifically the ipblock.cgi endpoint. It is a reflected cross-site scripting flaw where a crafted POST request can inject script tags through SRC_IP and COMMENT parameters, allowing arbitrary JavaScript exe...

Malicious Package

Overview ambar-src is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

MAL-2026-920 Malicious code in ambar-src (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de85b3ce658bcfa8f19ed5eeddcdf918f1c269d4fb09eb35804eca9a1ef98a68 The package ambar-src was found to contain malicious code. Source: ghsa-malware 1b3e3fc21cb40fafadf65d25ca331573096b3c7e36c681f4ec213b40931296f8 Any...

Malicious code in ambar-src (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de85b3ce658bcfa8f19ed5eeddcdf918f1c269d4fb09eb35804eca9a1ef98a68 The package ambar-src was found to contain malicious code. Source: ghsa-malware 1b3e3fc21cb40fafadf65d25ca331573096b3c7e36c681f4ec213b40931296f8 Any...

Linux Distros Unpatched Vulnerability : CVE-2026-23123

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - interconnect: debugfs: initialize srcnode and dstnode to empty strings The debugfscreatestr API assumes that the string pointer is either NULL or points to vali...

CVE-2026-23123

In the Linux kernel, the following vulnerability has been resolved: interconnect: debugfs: initialize srcnode and dstnode to empty strings The debugfscreatestr API assumes that the string pointer is either NULL or points to valid kmalloc memory. Leaving the pointer uninitialized can cause problem...

CVE-2026-23123

In the Linux kernel, the following vulnerability has been resolved: interconnect: debugfs: initialize srcnode and dstnode to empty strings The debugfscreatestr API assumes that the string pointer is either NULL or points to valid kmalloc memory. Leaving the pointer uninitialized can cause problem...

Malicious Package

Overview json-mapping-src is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2025-15564

A vulnerability has been found in Mapnik up to 4.2.0. This vulnerability affects the function mapnik::detail::mod::operator of the file src/value.cpp. The manipulation leads to divide by zero. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used...

CVE-2025-15564

A vulnerability has been found in Mapnik up to 4.2.0. This vulnerability affects the function mapnik::detail::mod::operator of the file src/value.cpp. The manipulation leads to divide by zero. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used...

CVE-2026-25749

Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the gettagfname function in src/tag.c. When processing help file tags,...

CVE-2026-25634 iccDEV memcpy-param-overlap in CIccTagMultiProcessElement::Apply()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply int IccTagMPE.cpp. This vulnerability is fixed in 2.3.1....

CVE-2026-1909

The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's audio shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on the 'src' attribute. This makes it possible for authenticated attackers,...

CVE-2026-1909

The WaveSurfer-WP WordPress plugin is affected by a Stored Cross-Site Scripting (XSS) flaw in all versions up to and including 2.8.3, caused by insufficient input sanitization and output escaping on the 'src' attribute of the audio shortcode. Authenticated attackers with Contributor-level access ...

EUVD-2026-5585

A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvcscanstreaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be use...

libfastcommon 安全漏洞

libfastcommon is a C language code library developed by YuQing personally. Versions of libfastcommon prior to 1.0.84 contained security vulnerabilities. These vulnerabilities stemmed from incorrect operations on the base64decode function in the src/base64.c file, which could lead to stack-based...

PT-2026-6793

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.4 Description iccDEV is a set of libraries and tools used for interacting with, manipulating, and applying ICC color management profiles. A stack buffer overlap exists in the CIccTagMultiProcessElement::Apply...

VulnCheck KEV: CVE-2025-1743

A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed t...

EUVD-2020-30917

berliCRM 1.0.24 contains a SQL injection vulnerability in the 'srcrecord' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information...

BerliCRM SQL Injection Vulnerability

berliCRM is a customer management system developed by the German company berliCRM. Version 1.0.24 of berliCRM contains a SQL injection vulnerability. This vulnerability stems from the srcrecord parameter in the index.php endpoint, which may lead to manipulative database queries...