Malicious Package

Overview codexworld is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview ecosystemui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

Malicious Package

Overview wropz-module is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview xsstesting is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview despicable-me is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

OESA-2026-1347 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious...

CVE-2026-26255

Not used...

FreeBSD : MongoDB Server -- Multiple vulnerabilities (77e32b14-0800-11f1-8a6f-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 77e32b14-0800-11f1-8a6f-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-114126 reports: Complex queries can cause excessive...

n8n Node.js Package >= 1.65.0 < 1.114.3 Unsafe Buffer Allocation Memory Disclosure (CVE-2025-61917)

The version of the n8n Node.js Package installed on the remote host is = 1.65.0 and prior to 1.114.3. It is, therefore, affected by an information disclosure vulnerability: - The use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allows untrusted code to allocate uninitialize...

Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

A Subscription Management tool for finding and reporting Red Hat product usage Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...

CVE-2026-26076

ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...

CVE-2026-26076

ntpd-rs (Network Time Protocol) is vulnerable prior to versions 1.7.1. An unauthenticated remote attacker can craft malformed NTS packets, causing the server to expend significantly more effort by requesting a large number of cookies, leading to degraded performance even under load. The issue is ...

CVE-2026-26216

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...

Exploit for CVE-2025-6019

...

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

ntpd-rs 安全漏洞

ntpd-rs is an open-source tool developed by Project Pendulum, designed for synchronizing computer clocks. It supports the NTP and NTS protocols. Versions of ntpd-rs prior to 1.7.1 contained security vulnerabilities. These vulnerabilities stemmed from the fact that when NTS was enabled on the...

PT-2026-7912

Name of the Vulnerable Software and Affected Versions ntpd-rs versions prior to 1.7.1 Description ntpd-rs is a full-featured implementation of the Network Time Protocol. An attacker can remotely cause moderate increases in CPU usage 2-4 times above normal. When Network Time System NTS is enabled ...

Linux Distros Unpatched Vulnerability : CVE-2025-69871

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a...

Linux Distros Unpatched Vulnerability : CVE-2026-1850

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash. CVE-2026-1850 Note that Nessus relies on the...

CVE-2026-26029 sf-mcp-server has a Command Injection in query_records tool due to unsafe use of child_process.exec

sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...