13237 matches found
Exploit for Command Injection in Litellm
CVE-2026-42271 — LiteLLM Authenticated Command Injection via M...
MAL-2026-4406 Malicious code in @mcpassure/mcp-anvisa-bulario (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e846cabb7b5077244737d7a465e944ebe7635db46cc55e7e5736eeda47d30938 dist/bootstrap.js references a hardcoded URL on pub-046c52795b9445cd9f5cc5cb21b9d59f.r2.dev — an anonymous Cloudflare R2 bucket — and calls fetch...
Linux Distros Unpatched Vulnerability : CVE-2026-42006
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this,...
ROS-20260520-73-0056
Vulnerability in chromium related to memory usage after its release. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
PT-2026-42202
The ocaml-TLS 1.3 client does not validate the KeyUsage and ExtendedKeyUsage extensions of the server certificate. This can lead to impersonation with a certificate issued to a client. Scenario Every employee at a major bank carries a smart card. The card holds a clientAuth certificate issued by...
PT-2026-42057
The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021625)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021625 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelfind The per-netns IP tunnel hash tab...
ROS-20260520-73-0039
A vulnerability in the FedCM component of Google Chrome browser is related to post-release memory usage. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page...
PT-2026-42203
The TLS server implementation does not validate the KeyUsage and ExtendedKeyUsage extensions of client certificates when mutually authenticated TLS is requested. This can lead to impersonation with a certificate issued to a server. Scenario An operations engineer enables mTLS on the admin endpoin...
CVE-2026-45232
Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...
ROS-20260520-73-0038
A vulnerability in the WebGPU component of the Google Chrome browser is related to post-release memory usage. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page...
ROS-20260520-73-0036
A vulnerability in the Dawn component of Google Chrome browser is related to memory usage after release. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the sandbox protection mechanism using a specially crafted HTML page...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021581)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021581 advisory. In the Linux kernel, the following vulnerability has been resolved: bnxt: Do not read past the end of test names Test names were being concatenated based on a offset...
Malicious code in glass-of-water (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df79336313f71fac8158ff6f3e0160d0e99a8d1d84c452505fd3739af5838a69 glassofwater/init.py embeds 10 Google Gemini API keys AIzaSy... split across 5-part dictionaries and reassembled at runtime by getapikey L6-19. The...
BillaBear is Vulnerable to SQL Injection in the EventRepository
BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...
Malicious code in corelia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2b637971f597ba9572b4cecfab0de4981d19620d585b1958b1bb37b004fae8f The package impersonates the popular pino logger README header 'corelia Pino', homepage https://getpino.io, main file pino.js, npm version badge...
CVE-2026-5511
In the web management interface of Archer AX72 SG v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information. An authenticated attacker with administrative privileges could exploit this issue to confirm the...
CVE-2026-5511
In the web management interface of Archer AX72 SG v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information. An authenticated attacker with administrative privileges could exploit this issue to confirm the...
glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions
A flaw was found in the GNU C library glibc. When applications use the gethostbyaddr or gethostbyaddrr functions with a nsswitch.conf configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to application...
FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...