13130 matches found
Malicious Package
Overview: ntwsx is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview: a4wu is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
CVE-2026-24334
Not used...
GO-2026-4314 High CPU usage leading to DoS via malicious p2p message in github.com/ethereum/go-ethereum
High CPU usage leading to DoS via malicious p2p message in github.com/ethereum/go-ethereum...
EUVD-2026-3783
Orval Mock Generation Code Injection via const...
Security update for python-urllib3
This update for python-urllib3 fixes the following issues: CVE-2026-21441: Fixed excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update o...
Malicious Package
Overview: @ikeacn/utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2026-24009
CVE-2026-24009: Docling Core contains a PyYAML deserialization flaw enabling RCE in versions 2.21.0–2.48.3 when untrusted YAML is loaded via docling_core.types.doc.DoclingDocument.load_from_yaml() with PyYAML = 5.4. Severity data indicate high risk (CVSSv3.1: HIGH/CRITICAL depending on metric; ne...
EUVD-2026-3807
Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version...
Malicious Package
Overview: @fortinet/fortigate-autoscale is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview: @mailpoet/components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview: @alluxio/common-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2026-23962
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a very large amount of options, greatly increasing...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-26950)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26950 advisory. - In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access devic...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27053)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27053 advisory. - In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in...
Linux Distros Unpatched Vulnerability : CVE-2025-12781
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When passing data to the b64decode, standard_b64decode, and urlsafe_b64decode functions in the base64 module the characters +/ will always be accepted, regardless...
CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2025-66471)
The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-66471 advisory. - urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior t...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37839)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37839 advisory. - In the Linux kernel, the following vulnerability has been resolved: jbd2: remove wrong sb->s_sequence check...
Azure Linux 3.0 Security Update: kernel (CVE-2024-47744)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47744 advisory. - In the Linux kernel, the following vulnerability has been resolved: KVM: Use dedicated mutex to protect...
CVE-2026-23737 seroval Affected by Remote Code Execution via JSON Deserialization
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding consta...