Malicious code in koishi-plugin-fusheng-car (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35bbb2f7cdae32f1a5012363b81298fd339c96b83718db535d77c0bdc0f936ec lib/index.js contains a hardcoded base64-encoded QQ user ID 'Mjc1OTcyMDE2MQ==' decoding to '2759720161' checked inside the plugin's permission gate...

PT-2026-39025

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the ublk ctrl set size function. The issue occurs because the function calls set capacity and notify using ub-ub disk without verifying if the pointe...

CVE-2026-39848

Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name= or...

EUVD-2026-21210

Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name= or...

CVE-2026-39848 Dockyard's Unauthenticated Cron Endpoint in Dockyard Enables Container Enumeration and Database Manipulation

Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name= or...

CVE-2026-39848 Dockyard's Unauthenticated Cron Endpoint in Dockyard Enables Container Enumeration and Database Manipulation

Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name= or...

CVE-2026-39848

Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop= or...

EUVD-2025-121643

Malicious code in start-stop-terser-hermes npm...

EUVD-1999-0737

Malware in sbrugna...

SUSE CVE-2025-39821

In the Linux kernel, the following vulnerability has been resolved: perf: Avoid undefined behavior from stopping/starting inactive events Calling pmu-start/stop on perf events in PERFEVENTSTATEOFF can leave event-hw.idx at -1. When PMU drivers later attempt to use this negative index as a shift...

CVE-2025-39821 perf: Avoid undefined behavior from stopping/starting inactive events

In the Linux kernel, the following vulnerability has been resolved: perf: Avoid undefined behavior from stopping/starting inactive events Calling pmu-start/stop on perf events in PERFEVENTSTATEOFF can leave event-hw.idx at -1. When PMU drivers later attempt to use this negative index as a shift...

CVE-2025-39821

CVE-2025-39821 (Linux kernel perf - UBSAN risk) The issue is a logic flaw in perf event throttling where a group’s disabled member in PERF_EVENT_STATE_OFF could be throttle-started/stoppped, causing PMU drivers to receive an event with hw.idx = -1. This negative index is used as a shift exponent ...

PT-2025-37966

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw where calling pmu-start/stop on perf events in PERF EVENT STATE OFF can lead to undefined behavior. This occurs when event-hw.idx is at -1, and PMU...

Linux Distros Unpatched Vulnerability : CVE-2024-46788

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Use a cpumask to know what threads are kthreads The startkthread and...

SUSE CVE-2025-22112

In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix out-of-range access of vnicinfo array The bnxtqueuestart | stop access vnicinfo as much as allocated, which indicates bp-nrvnics. So, it should not reach bp-vnicinfobp-nrvnics...

DEBIAN-CVE-2025-22112

In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix out-of-range access of vnicinfo array The bnxtqueuestart | stop access vnicinfo as much as allocated, which indicates bp-nrvnics. So, it should not reach bp-vnicinfobp-nrvnics...

UBUNTU-CVE-2025-22112

In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix out-of-range access of vnicinfo array The bnxtqueuestart | stop access vnicinfo as much as allocated, which indicates bp-nrvnics. So, it should not reach bp-vnicinfobp-nrvnics...

SUSE CVE-2016-2841

The ne2000receive function in the NE2000 NIC emulation support hw/net/ne2000.c in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash via crafted values for the PSTART and PSTOP registers, involving ring buffer control...

CVE-2022-29951

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol configurable on ports 1024-65534 on either TCP or UDP for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...

Siemens S7-1200 - Unauthenticated Start/Stop Command

Exploit Title: Unauthenticated Siemens S7-1200 CPU Start/Stop Command Date: 09/03/2022 Exploit Author: RoseSecurity Vendor Homepage: https://www.siemens.com/global/en.html Version: V4.5 and below Tested on: Siemens S7-1200 CPU: 1215C IP == PLC IP address Start Command curl -i -s -k -X $'POST' \ -...