47 matches found
CVE-2026-39848
Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name= or...
Malicious code in koishi-plugin-fusheng-car (npm)
Source: amazon-inspector 35bbb2f7cdae32f1a5012363b81298fd339c96b83718db535d77c0bdc0f936ec lib/index.js contains a hardcoded base64-encoded QQ user ID 'Mjc1OTcyMDE2MQ==' decoding to '2759720161' checked inside the plugin's permission gate...
PT-2026-39025
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A NULL pointer dereference exists in the ublk_ctrl_set_size function. The issue occurs because the function calls set_capacity_and_notify using ub->ub_disk without verifying if the pointe...
CVE-2026-39848 Dockyard's Unauthenticated Cron Endpoint in Dockyard Enables Container Enumeration and Database Manipulation
Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name= or...
EUVD-2026-21210
Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name= or...
EUVD-2025-121643
Malicious code in start-stop-terser-hermes npm...
EUVD-1999-0737
Malware in sbrugna...
SUSE CVE-2025-39821
In the Linux kernel, the following vulnerability has been resolved: perf: Avoid undefined behavior from stopping/starting inactive events. Calling pmu->start/stop on perf events in PERF_EVENT_STATE_OFF can leave event->hw.idx at -1. When PMU drivers later attempt to use this negative index as a shift...
CVE-2025-39821
CVE-2025-39821 (Linux kernel perf - UBSAN risk) The issue is a logic flaw in perf event throttling where a group’s disabled member in PERF_EVENT_STATE_OFF could be throttle-started/stopped, causing PMU drivers to receive an event with hw.idx = -1. This negative index is used as a shift exponent ...
CVE-2025-39821 perf: Avoid undefined behavior from stopping/starting inactive events
In the Linux kernel, the following vulnerability has been resolved: perf: Avoid undefined behavior from stopping/starting inactive events. Calling pmu->start/stop on perf events in PERF_EVENT_STATE_OFF can leave event->hw.idx at -1. When PMU drivers later attempt to use this negative index as a shift...
PT-2025-37966
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw where calling pmu->start/stop on perf events in PERF_EVENT_STATE_OFF can lead to undefined behavior. This occurs when event->hw.idx is at -1, and PMU...
Linux Distros Unpatched Vulnerability : CVE-2024-46788
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Use a cpumask to know what threads are kthreads. The start_kthread and...
SUSE CVE-2025-22112
In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix out-of-range access of vnic_info array. The bnxt_queue_{start | stop}() access vnic_info as much as allocated, which indicates bp->nr_vnics. So, it should not reach bp->vnic_info[bp->nr_vnics]...
DEBIAN-CVE-2025-22112
In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix out-of-range access of vnic_info array. The bnxt_queue_{start | stop}() access vnic_info as much as allocated, which indicates bp->nr_vnics. So, it should not reach bp->vnic_info[bp->nr_vnics]...
UBUNTU-CVE-2025-22112
In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix out-of-range access of vnic_info array. The bnxt_queue_{start | stop}() access vnic_info as much as allocated, which indicates bp->nr_vnics. So, it should not reach bp->vnic_info[bp->nr_vnics]...
The vulnerability of the Linux operating system’s kernel component “perf”, which allows a hacker to trigger a service failure
The vulnerability of the perf component in the Linux operating system’s kernel is related to errors in resource management functions such as pmu_sbi_ctr_start and pmu_sbi_ctr_stop. Exploiting this vulnerability can allow an attacker to cause a service failure...
SUSE CVE-2016-2841
The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control...