Malicious Package

Overview sd-conversation-history-module-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

Malicious Package

Overview dws-dx is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview lusha-ui-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview omnicore-ds2-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2026-22036

A flaw was found in Undici, an HTTP/1.1 client for Node.js. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP response with an unbounded number of links in the decompression chain. This could lead to high CPU usage and excessive memory allocation, resulting in...

CVE-2026-23713

Not used...

SUSE CVE-2025-71102

In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...

MiracleLinux 7 : postgresql-9.2.21-1.el7 (AXSA:2017-1914:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1914:01 advisory. PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll ne...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004138)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004138 advisory. An issue was discovered in writetptentry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dmamapsingle a...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000753)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000753 advisory. Multiple heap-based buffer overflows in the hiddevioctlusage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a...

MiracleLinux 7 : krb5-1.15.1-18.el7 (AXSA:2018-2754:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2754:01 advisory. krb5: Authentication bypass by improper validation of certificate EKU and SAN CVE-2017-7562 krb5: Invalid S4U2Self or S4U2Proxy request causes...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by free usage in ANGLE. An attacker can exploit the vulnerability to execute arbitrary code on a system...

CVE-2026-21911

An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon l2cpd of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker flapping the management interface to cause the learning of new MACs over label-switched interfaces LSI to stop while...

CVE-2026-21911

An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon l2cpd of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker flapping the management interface to cause the learning of new MACs over label-switched interfaces LSI to stop while...

Exploit for CVE-2026-23550

CYBERDUDEBIVASH Modular DS CVE-2026-23550 Detector Overvie...

CVE-2021-47799

Visual Tools DVR VX16 version 4.2.28 contains a local privilege escalation vulnerability in its Sudo configuration that allows attackers to gain root access. Attackers can exploit the unsafe Sudo settings by using mount commands to bind a shell, enabling unauthorized system-level privileges...

CVE-2026-0992 Libxml2: libxml2: denial of service via crafted xml catalogs

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to...

CVE-2026-0992

CVE-2026-0992 in libxml2 describes an uncontrolled resource consumption vulnerability. A remote attacker can supply crafted XML catalogs containing repeated elements pointing to the same downstream catalog, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU us...

PYSEC-2026-73

Allocation of Resources Without Limits or Throttling in the HDF5 weight loading componentin GoogleKeras3.0.0 through 3.13.0on all platformsallows a remote attackerto cause a Denial of Service DoS through memory exhaustion and a crash of the Python interpretervia a crafted .keras archive containin...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003108)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003108 advisory. In /drivers/isdn/i4l/isdnnet.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer...