CVE-2026-40863
CVE-2026-40863 affects PhpSpreadsheet’s SpreadsheetML XML reader. An attacker can craft an XML with an oversized ss:Index (e.g., 999999999) on a , inflating the internal cachedHighestRow to ~1 billion and causing CPU exhaustion during row iteration. This leads to denial of service when processing...
Cross-site Scripting (XSS)
Overview: phpoffice/phpspreadsheet is a spreadsheet engine that reads, creates and writes spreadsheet documents in PHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the Reader\Xml process when processing SpreadsheetML XML files containing a crafted ss:Index...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001320)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001320 advisory. The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003629)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003629 advisory. A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001195)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001195 advisory. A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003536)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003536 advisory. A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all...
EUVD-2025-147410
Malicious code in tusaaya-ss-r2fe npm...
EUVD-2025-147409
Malicious code in tusaaya-ss-rfe npm...
EUVD-2019-14769
Malware in sbrugna...
EUVD-2014-4481
Malware in sbrugna...
EUVD-2025-11621
Malicious code in bioql PyPI...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2024-56339, CVE-2025-36047, CVE-2025-36124, CVE-2025-36000, CVE-2025-48976, CVE-2025-36097)
Summary: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2024-56339, CVE-2025-36047, CVE-2025-36124, CVE-2025-36000, CVE-2025-48976, CVE-2025-36097). This has been addressed in the remediation section. Vulnerability...
CVE-2025-58837
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiful H SS Font Awesome Icon (ss-font-awesome-icon) allows Stored XSS. This issue affects SS Font Awesome Icon: from n/a through = 4.1.3...
Linux Distros Unpatched Vulnerability : CVE-2019-5164
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can...
MAL-2025-41421 Malicious code in k7eel2-ss (PyPI)
The package downloads and executes an executable from a hardcoded URL. The executable is classified as Trojan and confirmed by 47 top sources. The package downloads malware from the https://github.com/deprosinal/legendary-funicular GitHub repo, namely helo.exe --- -= Per source details. Do not edit...
Malicious code in k7eel2-ss (PyPI)
The package downloads and executes an executable from a hardcoded URL. The executable is classified as Trojan and confirmed by 47 top sources. The package downloads malware from the https://github.com/deprosinal/legendary-funicular GitHub repo, namely helo.exe --- -= Per source details. Do not edit...
Malicious code in @zalastax/nolb-react-ss (npm)
The package @zalastax/nolb-react-ss was found to contain malicious code...
MAL-2025-13774 Malicious code in @zalastax/nolb-react-ss (npm)
The package @zalastax/nolb-react-ss was found to contain malicious code...
MAL-2025-12693 Malicious code in @zalastax/nolb-node-ss (npm)
The package @zalastax/nolb-node-ss was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2021-47057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - Fix memory leak of object d when dma_iv fails to map. In the case where the...