Lucene search

30 matches found

OSSF Malicious Packages
added 5 days ago, 7 views

Malicious code in @webda-infra/search (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d3966598d25bae6a0824df09461ccbea8ad8ff22be2b3b93eab681cc733ff73 @webda-infra/[email protected] is a near-empty placeholder index.js is empty, module.exports = whose package.json declares a single dependency, ltidisafe...

AI score: 6
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/20 2:48 a.m., 7 views

Malicious code in @web-3d-tool/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1e96a726cf0732113215b2026a7a59fc6bf471f86d34153fea3a0e32b275fb5 @web-3d-tool/sdk is a near-empty package trivial 35-byte index.js, empty author/description metadata whose only effect on install is to pull in a...

AI score: 6.3
Exploits: 0, References: 2

SUSE CVE
added 2026/05/08 2:22 a.m., 6 views

SUSE CVE-2026-40195

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present in the backup...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00021
Exploits: 1, References: 3

ATTACKERKB
added 2026/05/07 1:2 p.m., 4 views

CVE-2026-41647

Incus is a system container and virtual machine manager. Prior to version 7.0.0, missing error handling could let an authenticated Incus user cause a daemon crash through the import of a truncated storage bucket backup file. This issue has been patched in version 7.0.0...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00021
Exploits: 1, References: 3, Affected Software: 1

AlpineLinux
added 2026/05/07 1:2 p.m., 7 views

CVE-2026-41647

Incus is a system container and virtual machine manager. Prior to version 7.0.0, missing error handling could let an authenticated Incus user cause a daemon crash through the import of a truncated storage bucket backup file. This issue has been patched in version 7.0.0...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00021
Exploits: 1, References: 2

NVD
added 2026/05/06 9:16 p.m., 2 views

CVE-2026-40195

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present in the backup...

CVSS: 7.1, EPSS: 0.00021
Exploits: 1, References: 1

CVE
added 2026/05/06 8:33 p.m., 10 views

CVE-2026-40195

CVE-2026-40195 affects Incus prior to v7.0.0, causing a nil-pointer dereference in the bucket-import path during bucket restoration from a malformed index.yaml. The bug occurs in CreateBucketFromBackup when srcBackup.Config is not validated (the code accesses srcBackup.Config.Bucket and related f...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00021
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2026/05/04 5:40 p.m., 4 views

GHSA-GC7J-G665-RXR9 Incus has a Nil-Pointer Dereference Panic via Bucket Metadata

Summary: Missing validation logic in the storage bucket import logic allows an authenticated user with access to Incus' storage bucket feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline, causing a denial of service. Details: The storage bucket...

CVSS: 7.1, AI score: 5.7, EPSS: 0.00021
Exploits: 1, References: 3

Positive Technologies
added 2026/05/04 12:0 a.m., 6 views

PT-2026-37101

Name of the Vulnerable Software and Affected Versions: Incus versions prior to 7.0.0. Description: Missing validation logic in the storage bucket import process allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The issue occurs in the backup...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00021
Exploits: 1, References: 5

RedhatCVE
added 2026/03/26 11:26 p.m., 2 views

CVE-2026-33743

A flaw was found in Incus, a system container and virtual machine manager. A user with access to Incus' storage bucket feature can exploit this vulnerability by using a specially crafted storage bucket backup. This can cause the Incus daemon to crash, leading to a denial of service of the control...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00022
Exploits: 1, References: 4

NVD
added 2026/03/26 11:16 p.m., 4 views

CVE-2026-33743

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by a user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline, causing a...

CVSS: 6.5, EPSS: 0.00022
Exploits: 1, References: 1

OSV
added 2026/03/26 11:16 p.m., 2 views

UBUNTU-CVE-2026-33743

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by a user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline, causing a...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00022
Exploits: 1, References: 4

ATTACKERKB
added 2026/03/26 10:40 p.m., 2 views

CVE-2026-33743

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by a user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline, causing a...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00022
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2026/03/26 10:40 p.m., 1 views

CVE-2026-33743 Incus vulnerable to denial of service through crafted bucket backup file

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by a user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline, causing a...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00022
Exploits: 1, References: 3

SUSE CVE
added 2026/03/25 12:26 a.m., 2 views

SUSE CVE-2026-27969

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest - which may be files that they have also...

CVSS: 9.3, AI score: 6, EPSS: 0.00075
Exploits: 0, References: 3

Veracode
added 2026/03/24 10:58 a.m., 4 views

Missing Cryptographic Key Commitment

github.com/aws/amazon-s3-encryption-client-go is vulnerable to missing cryptographic key commitment. The vulnerability is due to improper validation of encrypted data keys when stored in instruction files instead of metadata, which allows an attacker with write access to the S3 bucket to introduc...

CVSS: 6, AI score: 7.3, EPSS: 0.00012
Exploits: 0, References: 4, Affected Software: 1

UbuntuCve
added 2025/12/17 9:15 p.m., 5 views

CVE-2025-14761

Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

CVSS: 6, AI score: 5.9, EPSS: 0.00017
Exploits: 0, References: 4

Snyk
added 2025/12/17 8:38 p.m., 2 views

Use of a Broken or Risky Cryptographic Algorithm

Overview: Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic key commitment when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to...

CVSS: 6, AI score: 6.7, EPSS: 0.00012
Exploits: 0, References: 2

Cvelist
added 2025/12/17 8:11 p.m., 21 views

CVE-2025-14760

Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

CVSS: 6, EPSS: 0.00015
Exploits: 0, References: 3

CNNVD
added 2025/12/17 12:0 a.m., 4 views

Amazon AWS SDK for PHP Security Vulnerability

Amazon AWS SDK for PHP is a software development kit for Amazon Web Services based on the PHP platform from Amazon.com, USA. A security vulnerability exists in Amazon AWS SDK for PHP that stems from a lack of cryptographic key commitment, which could cause a user with write access to the S3 stora...

CVSS: 6, AI score: 6.5, EPSS: 0.00017
Exploits: 0, References: 4