CVE-2025-69418 Unauthenticated/unencrypted trailing bytes with low-level OCB function calls

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

CVE-2025-69418 Unauthenticated/unencrypted trailing bytes with low-level OCB function calls

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

AZL-76373 CVE-2026-1467 affecting package libsoup for versions less than 3.4.4-12

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

CVE-2026-1467 Libsoup: libsoup: http header injection via specially crafted urls when an http proxy is configured

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

Malicious Package

Overview @wb-team/uikit-myteam-web is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview @santandergroup-uk/edgehome-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

Malicious Package

Overview @riag-libs/pattern-library-react-hooks is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

Malicious Package

Overview @spx-delivery/react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview @servicepoint/vue-project is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview stylus.js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview hackerxhj is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview testxhjhka is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview shopee-chat is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

Malicious Package

Overview @shije/new-qs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview @afg-ikea/ikea-kiosk-related-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...

Malicious Package

Overview overstock-jenkins is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview overstock-login-layer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview overstock-component-library is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

📄 MinIO RELEASE.2023-03-20T20-16-18Z Vulnerability Scanner

This PHP script is a command-line vulnerability scanner designed to detect CVE-2023-28432 in MinIO servers. The vulnerability allows unauthenticated access to sensitive environment variables through the /minio/bootstrap/v1/verify endpoint...