MAL-2026-575 Malicious code in syntax-jsx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fd1189ee316a8c3e44060564a0bbcf1fd7409333cfb2f2e5035271f94b93f27 The package syntax-jsx was found to contain malicious code. Source: ghsa-malware b04dc357cbf3cdb2e7e66b09a4ba49cd101d7f3e5be0655514403145bdbff762 Any...

MAL-2026-559 Malicious code in syntax-async-functions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0d14dae07d53bcd3b3da9693bf5facb7518fafafe8cc2c54d93cd59ec7a28f1 The package syntax-async-functions was found to contain malicious code. Source: ghsa-malware...

Malicious code in syntax-async-functions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0d14dae07d53bcd3b3da9693bf5facb7518fafafe8cc2c54d93cd59ec7a28f1 The package syntax-async-functions was found to contain malicious code. Source: ghsa-malware...

CVE-2026-24881

A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component...

[SECURITY] Fedora 42 Update: curl-8.11.1-7.fc42

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

ShellForge: Adversarial Co-Evolution of Webshell Generation and Multi-View Detection for Robust Webshell Defense

Webshells remain a primary foothold for attackers to compromise servers, particularly within PHP ecosystems. However, existing detection mechanisms often struggle to keep pace with rapid variant evolution and sophisticated obfuscation techniques that camouflage malicious intent. Furthermore, many...

CVE-2026-24881

In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...

CVE-2026-24881

In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...

EUVD-2026-4768

In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...

CVE-2026-24881

CVE-2026-24881 affects GnuPG up to version 2.5.16; the issue arises when processing a crafted CMS (S/MIME) EnvelopedData message with an oversized wrapped session key, causing a stack-based buffer overflow in the gpg-agent during PKDECRYPT--kem=CMS handling. This vulnerability can lead to denial ...

AZL-78579 CVE-2026-22796 affecting package openssl-fips-provider 3.1.2-1

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...

CVE-2026-22796

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...

EUVD-2025-206379

Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData...

CVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

CVE-2025-68859

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in agmorpheus Syntax Highlighter Compress syntax-highlighter-compress allows Reflected XSS.This issue affects Syntax Highlighter Compress: from n/a through = 3.0.83.3...

CVE-2025-68859

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in agmorpheus Syntax Highlighter Compress syntax-highlighter-compress allows Reflected XSS.This issue affects Syntax Highlighter Compress: from n/a through = 3.0.83.3...

CVE-2025-68859 WordPress Syntax Highlighter Compress plugin <= 3.0.83.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in agmorpheus Syntax Highlighter Compress syntax-highlighter-compress allows Reflected XSS.This issue affects Syntax Highlighter Compress: from n/a through = 3.0.83.3...

CVE-2025-68859 WordPress Syntax Highlighter Compress plugin <= 3.0.83.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in agmorpheus Syntax Highlighter Compress syntax-highlighter-compress allows Reflected XSS.This issue affects Syntax Highlighter Compress: from n/a through = 3.0.83.3...

CVE-2025-68859

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in agmorpheus Syntax Highlighter Compress syntax-highlighter-compress allows Reflected XSS.This issue affects Syntax Highlighter Compress: from n/a through = 3.0.83.3...

CVE-2025-68859

CVE-2025-68859 affects the WordPress plugin Syntax Highlighter Compress (versions up to and including 3.0.83.3). Root cause: Improper neutralization of input during web page generation , leading to a Reflected XSS vulnerability. Affected scope is stated as Syntax Highlighter Compress: from n/a th...