Malicious Package

Overview milvus-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview @workleap-widgets/client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview @gwp-gtmt-components/event-listener is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

Malicious Package

Overview @t4i-cms-components/contact-card is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

Malicious Package

Overview pako-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

LlamaIndex 代码问题漏洞

LlamaIndex is LlamaIndex open source a data framework for LLM applications. A code issue vulnerability exists in LlamaIndex 0.11.6 and earlier versions, which stems from the BGEM3Index.loadfromdisk function using pickle.load to deserialize a user-supplied file without validation, which could lead...

ROS-20260112-7375

Vulnerability in kernel-lt related to memory usage after memory release. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

[SECURITY] Fedora 42 Update: nginx-1.28.1-3.fc42

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

CVE-2026-22607

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...

CVE-2023-50428

In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code e.g., with OPFALSE OPIF, as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the...

CVE-2023-40636

In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with System execution privileges needed...

CVE-2018-12247

An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrbclass, related to certain .clone usage, because mrbobjclone in kernel.c copies flags other than the MRBFLAGISFROZEN flag e.g., the embedded flag...

CVE-2018-18531

text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random rather than SecureRandom function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictio...

CVE-2021-31898

In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS...

CVE-2022-31504

The ChangeWeDer/BaiduWenkuSpiderflaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31566

The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31525

The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31543

The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31576

The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2019-11365

An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this...