Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from repeatedly calling strings.Split within loops, causing the validation cost to increa...

Fedora 44 : dovecot (2026-96eeb03b88)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-96eeb03b88 advisory. CVE-2026-27851: lib-var-expand: Safe filter marks all following pipelines safe. CVE-2026-33603: auth: CRAM-SHA--PLUS channel binding could be faked...

CVE-2026-10293

A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/formFireWall. This manipulation of the argument Profile causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be...

CVE-2026-25277

Memory corruption while using Strongbox due to buffer overflow...

CVE-2026-43623

microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the rawtoheader function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function uses strcpy to copy...

Malicious Package

Overview xarc-webpack-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview randomlogs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview @pcldpvkoewpogw/testhacker is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview @osamdefeirrighs/testhackfrrferrr is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

Malicious Package

Overview collected-forms-embed-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview audit-logsss is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview cms-storehub is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview to-cms is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview cms-helpgit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

Malicious Package

Overview chainix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview @tmecontinue/cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2026-37232

OpenAirInterface5G 2.4.0 (nr-softmodem) E2SM-KPM RAN Function PRB utilization calculation (fill_RRU_PrbTotDl/Ul in openair2/E2AP/RAN_FUNCTION/O-RAN/ran_func_kpm_subs.c) divides PRB difference by the previous total_prb_aggregate, missing a zero-check. If two consecutive samples are identical and a...

CVE-2026-37232

An issue was discovered in OpenAirInterface5G 2.4.0 nr-softmodem in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fillRRUPrbTotDl and fillRRUPrbTotUl in openair2/E2AP/RANFUNCTION/O-RAN/ranfunckpmsubs.c lines 182 and 197 compute PRB usage percentages by dividing by...

Linux Distros Unpatched Vulnerability : CVE-2026-45149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too...

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability stems from the iApp message distributor using assert for validation of the allowlist, which may allow remote unauthenticated attackers to send...