18 matches found

IBM Security Bulletins
added 2026/05/26 1:44 p.m. · 17 views

Security Bulletin: Vulnerability affect underscore-umd-min, werkzeug-3.1.5, flask-3.1.1, cryptography, aircompressor, pyasn1, http, log4j, apache2-build, commons-configuration, bcpkix-jdk18on, server-MariaDB, Jline, IBM COS Systems (April 2026)

Summary: Vulnerability with underscore-umd-min CVE-2026-27601, werkzeug-3.1.5 CVE-2026-27199, flask-3.1.1-py3-n CVE-2026-27205, cryptography CVE-2026-26007, aircompressor CVE-2025-67721, pyasn1 CVE-2026-23490, http, log4j CVE-2025-68161, apache2-build CVE-2025-55753, commons-configuration CVE-2024-29131,...

8.2 CVSS · 7 AI score · 0.00145 EPSS
Exploits 4 · Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2020-3504

Malware in sbrugna...

7.2 CVSS · 6 AI score · 0.00036 EPSS
Exploits 0 · References 2

OSSF Malicious Packages
added 2025/09/05 4:38 p.m. · 2 views

Malicious code in sanddance-test-umd (npm)

The package sanddance-test-umd was found to contain malicious code. ...

7 AI score
Exploits 0

OSV
added 2025/09/05 4:38 p.m. · 1 view

MAL-2025-45954 Malicious code in sanddance-test-umd (npm)

The package sanddance-test-umd was found to contain malicious code. ...

7 AI score
Exploits 0

OSSF Malicious Packages
added 2025/05/26 2:38 a.m. · 3 views

Malicious code in vite-plugin-legacy-umd (npm)

Source: ghsa-malware (50f69beef84f7a73cac44491396fbfc4bd7564cf1f9c4b3c47ea608b77288c8b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1

RedhatCVE
added 2024/09/23 4:46 p.m. · 15 views

CVE-2024-47068

A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from import.meta such as import.meta.url in the cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting XS...

6.4 CVSS · 5.4 AI score · 0.02786 EPSS
Exploits 1 · References 8

Cvelist
added 2024/09/23 3:26 p.m. · 34 views

CVE-2024-47068 DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from import.meta e.g., import.meta.url in cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting...

6.1 CVSS · 0.02786 EPSS
Exploits 1 · References 5

NVD
added 2024/09/17 8:15 p.m. · 25 views

CVE-2024-45812

Vite a frontend build tooling framework for javascript. Affected versions of vite were discovered to contain a DOM Clobbering vulnerability when building scripts to cjs/iife/umd output format. The DOM Clobbering gadget in the module can lead to cross-site scripting XSS in web pages where scriptle...

6.4 CVSS · 0.00256 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/08/27 12:0 a.m. · 3 views

PT-2024-31793 · Vite · Vite

Name of the Vulnerable Software and Affected Versions: Vite versions prior to 3.2.11; Vite versions prior to 4.5.5; Vite versions prior to 5.2.14; Vite versions prior to 5.3.6; Vite versions prior to 5.4.6. Description: A DOM Clobbering vulnerability was discovered in Vite when building scripts to...

10 CVSS · 6.5 AI score · 0.04986 EPSS
Exploits 10 · References 56

RedhatCVE
added 2021/03/31 6:43 p.m. · 31 views

CVE-2021-29649

A flaw was found in the Linux kernel. The user mode driver (UMD) has a copy_process memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c...

5.5 CVSS · 1.7 AI score · 0.00117 EPSS
Exploits 0 · References 3

CVE
added 2021/03/30 8:36 p.m. · 176 views

CVE-2021-29649

The CVE-2021-29649 issue affects the Linux kernel prior to 5.11.11. It is a memory leak in the user mode driver (UMD) caused by incomplete cleanup in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c. The vulnerability is local and does not imply remote code execution by itself; ...

5.5 CVSS · 5.1 AI score · 0.00117 EPSS
Exploits 0 · References 5 · Affected Software 1

NVD
added 2021/01/21 10:15 a.m. · 13 views

CVE-2020-11150

Out of bound memory access in camera driver due to improper validation on data coming from UMD which is used for offset manipulation of pointer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice ...

7.2 CVSS · 7.3 AI score · 0.00036 EPSS
Exploits 0 · References 2

Prion
added 2021/01/21 10:15 a.m. · 18 views

Input validation

Out of bound memory access in camera driver due to improper validation on data coming from UMD which is used for offset manipulation of pointer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice ...

7.2 CVSS · 7.3 AI score · 0.00036 EPSS
Exploits 0 · References 2

Cvelist
added 2021/01/21 9:41 a.m. · 14 views

CVE-2020-11150

Out of bound memory access in camera driver due to improper validation on data coming from UMD which is used for offset manipulation of pointer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice ...

7.3 AI score · 0.00036 EPSS
Exploits 0 · References 1

Openbugbounty
added 2019/11/09 9:17 a.m. · 9 views

weather.umd.edu Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1010419. Security Researcher devl00p (Helped patch 2753 vulnerabilities; Received 10 Coordinated Disclosure badges; Received 15 recommendations), a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting weather.umd.edu website...

0.2 AI score
Exploits 0

Openbugbounty
added 2017/12/07 6:51 p.m. · 12 views

karsha.umiacs.umd.edu XSS vulnerability

Open Bug Bounty ID: OBB-449991

Description | Value
---|---
Affected Website: | karsha.umiacs.umd.edu
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention...

6.4 AI score
Exploits 0

Openbugbounty
added 2016/10/11 9:39 a.m. · 7 views

cs.umd.edu XSS vulnerability

Vulnerable URL: http://www.cs.umd.edu/local-cgi-bin/csphotohistory/description.php?lname=Park=Chan-Mo%22%3E%3Cimg%20src=//s-media-cache-ak0.pinimg.com/originals/a6/73/3b/a6733b8afae42218a754751f3dcdf2d4.jpg%3E%3Cscript%3Eprompt/OPENBUGBOUNTY/%3C/script%3E Details: Description| Value ---|---...

6.3 AI score
Exploits 0

Openbugbounty
added 2016/01/27 11:5 p.m. · 9 views

ardb.cbcb.umd.edu XSS vulnerability

Vulnerable URL: http://ardb.cbcb.umd.edu/cgi/search.cgi?db=A=%22%3E%3Csvg%2Fonload%3Dconfirm%28%27XSSPOSED%27%29%3E=af Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...

6.3 AI score
Exploits 0