
13019 matches found

Debian CVE
added 2026/02/20 9:11 p.m., 7 views

CVE-2026-27025

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...

CVSS 6.9 | AI score 5.3 | EPSS 0.00006
Exploits: 0
CVE
added 2026/02/20 9:11 p.m., 15 views

CVE-2026-27025

CVE-2026-27025 affects the PyPDF family (pypdf). The issue is triggered by parsing a PDF’s font /ToUnicode entry with unusually large values, causing long runtimes and large memory usage (DoS risk). The vulnerability is fixed in pypdf 6.7.1; remediation is upgrading to 6.7.1 or newer. Connected a...

CVSS 6.9 | AI score 5.5 | EPSS 0.00006
Exploits: 0 | References: 4 | Affected Software: 1
Snyk
added 2026/02/20 5:35 p.m., 4 views

Malicious Package

Overview rollup-plugin-polyfill-swc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 | AI score 5.6
Exploits: 0 | References: 2
Snyk
added 2026/02/20 4:59 p.m., 2 views

Malicious Package

Overview detect-cache is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.6
Exploits: 0 | References: 2
Snyk
added 2026/02/20 4:59 p.m., 3 views

Malicious Package

Overview ethres is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 | AI score 5.6
Exploits: 0 | References: 2
Snyk
added 2026/02/20 4:56 p.m., 2 views

Malicious Package

Overview node-native-bridge is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.6
Exploits: 0 | References: 2
Snyk
added 2026/02/20 4:56 p.m., 4 views

Malicious Package

Overview suport-color is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.6
Exploits: 0 | References: 2
Vulnrichment
added 2026/02/20 4:23 p.m., 5 views

CVE-2026-1842 HyperCloud Improper Refresh Token Validation and Access Token Invalidation Allows Long-Term Unauthorized Access

HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used. Because refresh tokens have a significantly longer lifetime (default one year), an authenticated...

CVSS 8.6 | AI score 5.5 | EPSS 0.00069
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/20 10:31 a.m., 1 views

CVE-2026-27325

Not used...

AI score 5.4
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/20 10:31 a.m., 2 views

CVE-2026-27320

Not used...

AI score 5.4
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/20 10:30 a.m., 3 views

CVE-2026-27318

Not used...

AI score 5.4
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/20 12:0 a.m., 3 views

PT-2026-21339

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.19. Description: The software is a personal AI assistant. A flaw exists in the Cron webhook delivery within the src/gateway/server-cron.ts component, where the use of fetch directly allows webhook targets to...

CVSS 6.9 | AI score 5.4 | EPSS 0.00018
Exploits: 0 | References: 7
CNNVD
added 2026/02/20 12:0 a.m., 4 views

pypdf security vulnerability

pypdf is an open-source, free Python library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages within PDF files. Versions of pypdf prior to 6.7.1 contained security vulnerabilities. These vulnerabilities stemmed from /ToUnicode entries in the font parsing, whic...

CVSS 6.9 | AI score 5.9 | EPSS 0.00006
Exploits: 0 | References: 4
OSSF Malicious Packages
added 2026/02/19 11:56 p.m., 4 views

Malicious code in ethrpc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b1eff108aebd0c94cd1b2c9dd2321060f61236e0dbf655c62f729169dcd5d5b3 The malicious code is in the ethrpc-keys package, which is a clone of legitimate eth-keys, but contains a modification that silently exfiltrates the user's...

AI score 5.6
Exploits: 0 | References: 1
CVE
added 2026/02/19 9:25 p.m., 11 views

CVE-2026-26275

The CVE affects httpsig-hyper up to version 0.0.22, where Digest header verification could incorrectly succeed due to a misuse of Rust’s matches! macro, causing digest checks to pass even when the computed digest did not match the expected value. This could allow message body modifications to go ...

CVSS 7.5 | AI score 5.6 | EPSS 0.0002
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2026/02/19 9:7 p.m., 22 views

CVE-2026-26313 Go Ethereum affected by DoS via malicious p2p message

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release...

CVSS 6.9 | EPSS 0.00033
Exploits: 0 | References: 2
OSV
added 2026/02/19 9:7 p.m., 6 views

CVE-2026-26313 Go Ethereum affected by DoS via malicious p2p message

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release...

CVSS 6.9 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 4
AlpineLinux
added 2026/02/19 9:7 p.m., 1 views

CVE-2026-26313

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release...

CVSS 7.5 | AI score 6.1 | EPSS 0.00033
Exploits: 0
SUSE CVE
added 2026/02/19 12:26 a.m., 0 views

SUSE CVE-2026-23216

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count(). In iscsit_dec_conn_usage_count(), the function calls complete() while holding the conn->conn_usage_lock. As soon as complete() is invoked, the waiter such as...

CVSS 5.5 | AI score 5.6 | EPSS 0.00018
Exploits: 0 | References: 18
Positive Technologies
added 2026/02/19 12:0 a.m., 3 views

PT-2026-20908

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...

CVSS 6.9 | AI score 5.6 | EPSS 0.00006
Exploits: 0 | References: 5