1279 matches found
EUVD-2025-179052
Malicious code in error-validate-refactor-byte-lambda npm...
EUVD-2025-179758
Malicious code in char-xml-xml-validate-validate npm...
EUVD-2025-176592
Malicious code in root-user-await-validate-iota npm...
Malicious code in theta-validate-meta-air-cat (npm)
Source: amazon-inspector 21d3e186b062df4165b4ff6124f4467a91df506dc840e45e44a67191212c48ff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in quick-validate-transpile-cluster-route (npm)
Source: amazon-inspector fee10f0bcabc32d9ac66632a283a2ba700f31cfdfd2a8f280a980368720bf754 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sun-serialize-parse-validate-alert (npm)
Source: amazon-inspector b13920f3f0ca3140df6e86d32d1c7763b6f4bdfb166b23361ada1f3d12873e8b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-175959
Malicious code in theta-validate-meta-air-cat npm...
EUVD-2025-179844
Malicious code in catch-daemon-mock-emulate-validate npm...
EUVD-2025-179622
Malicious code in compile-validate-sandbox-node-async npm...
EUVD-2025-176828
Malicious code in quick-validate-transpile-cluster-route npm...
EUVD-2025-176140
Malicious code in sun-serialize-parse-validate-alert npm...
EUVD-2025-177177
Malicious code in pi-validate-water-test-tau npm...
CVE-2025-60694
A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200v2.0.11.001us.tar.gz). The function improperly concatenates user-supplied CGI parameters route_ipaddr_0~3, route_netmask_0~3, route_gateway_0~3 into fixed-size buffers v6,...
CVE-2025-60694
CVE-2025-60694 affects Linksys E1200 v2 routers running firmware 2.0.11.001_us. A stack-based buffer overflow occurs in httpd's validate_static_route function, where CGI params route_ipaddr_0~3, route_netmask_0~3, and route_gateway_0~3 are concatenated into fixed-size buffers (v6, v10, v14) witho...
CVE-2025-40205
In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid potential out-of-bounds in btrfs_encode_fh. The function btrfs_encode_fh does not properly account for the three cases it handles. Before writing to the file handle fh, the function only returns to the user...
SQL Injection
Overview torrentpier/torrentpier is a bull-powered BitTorrent tracker engine. Affected versions of this package are vulnerable to SQL Injection via the validatemodecondition function in the modcp.php file when handling the topicid parameter. An attacker can execute arbitrary SQL queries by...
Cross-site Scripting (XSS)
Overview changedetection.io is a Website change detection and monitoring service. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the validateurl function. An attacker can execute arbitrary JavaScript code in the context of another user by injecting a malicious...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988980)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988980 advisory. In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array. On dm-raid table load using raid_ctr, dm-rai...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989556)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989556 advisory. In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array. On dm-raid table load using raid_ctr, dm-rai...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: pcmcia: Error handling was added for the add_interval function within do_validate_mem. In do_validate_mem, the call to add_interval does not handle errors. If kmalloc fails during add_interval, it may result in a null pointer being...