Exploit_Scripts

E...

Dioxus Components security vulnerabilities

Dioxus Components is a basic component open-sourced by Dioxus Labs. Version 41e4242ecb1062d04ae42a5215363c1d9fd4e23a of Dioxus Components had a security vulnerability. This vulnerability stemmed from the useofanimatedopen function, which used the user-provided ID to format eval strings, potential...

CVE-2026-22990

In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUGON in osdmapapplyincremental If the osdmap is maliciously corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the...

Malicious Package

Overview ntwsx is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview a4wu is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVE-2026-24334

Not used...

GO-2026-4314 High CPU usage leading to DoS via malicious p2p message in github.com/ethereum/go-ethereum

High CPU usage leading to DoS via malicious p2p message in github.com/ethereum/go-ethereum...

EUVD-2026-3783

Orval Mock Generation Code Injection via const...

Security update for python-urllib3

This update for python-urllib3 fixes the following issues: CVE-2026-21441: Fixed excessive resource consumption during decompression of data in HTTP redirect responses bsc1256331 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate o...

Malicious Package

Overview @ikeacn/utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2026-24009

CVE-2026-24009: Docling Core contains a PyYAML deserialization flaw enabling RCE in versions 2.21.0–2.48.3 when untrusted YAML is loaded via docling_core.types.doc.DoclingDocument.load_from_yaml() with PyYAML = 5.4. Severity data indicate high risk (CVSSv3.1: HIGH/CRITICAL depending on metric; ne...

EUVD-2026-3807

Docling Core or docling-core is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution RCE vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version...

Malicious Package

Overview @mailpoet/components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview @fortinet/fortigate-autoscale is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview @alluxio/common-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2026-23962

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a very large amount of options, greatly increasing...

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-26950)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26950 advisory. - In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access devic...

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27053)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27053 advisory. - In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in...

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2025-66471)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-66471 advisory. - urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior t...

Linux Distros Unpatched Vulnerability : CVE-2025-12781

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When passing data to the b64decode, standardb64decode, and urlsafeb64decode functions in the base64 module the characters +/ will always be accepted, regardless...