500 matches found
CVE-2026-8428
Concrete CMS 9.5.0 and below emits a CSRF token in the localavailableupdate.php view $token-output'doupdate' but the corresponding doupdate method in concrete/controllers/singlepage/dashboard/system/update/update.php never calls $this-token-validate'doupdate'. The form is rendered as a POST form,...
CVE-2026-46740
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...
CVE-2026-23558
CVE-2026-23558 describes a grant table v2 race in status page mapping for the Xen hypervisor. In XSA-379/387 scenarios, when a HVM/PVH guest changes grant table version from v2 to v1 while XENMEM_add_to_physmap maps status pages, some status pages may be freed even as their mappings are still ins...
CVE-2026-23558
The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...
CVE-2026-23558
The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...
CVE-2026-23558
The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...
CVE-2026-23558 grant table v2 race in status page mapping
The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...
CVE-2026-23558 grant table v2 race in status page mapping
The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...
CVE-2026-22816
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003401)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003401 advisory. Race condition in net/packet/afpacket.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service use-after-free by...
MAL-2025-187543 Malicious code in iota-report-phi-good-public (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4466f1348183e2632c1a55a4604c3526358dfe8dc19f8b17470ec8d2a5ddf2ad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186160 Malicious code in class-kernel-lambda-void-try (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f07d1b6f4250bc7debfa02f88d961108d6e01a100297ae64122870d4c9302a9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in spectroscopy-webdriver-manager-await-bootstrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd63e8f2ff15aafdf183c39b1a3af9623710f2abe9e62e6cf0138f4389f6a0ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mini-css-extract-plugin-nova-titan-duplex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ea7a868756de9bcc6a3ace304f91da8cc120146b8b0589d6581391a679daf16 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in html-webpack-plugin-zenobia-nebula-antares (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bda7c207337434698205e1a554e373872174bfe0253efa98b12e47eb140c345e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-190472 Malicious code in zephyr-yakutsk-update-fornax (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4056139ea2e6931e54f1dbb6be8565d9c94ad19a8e4cc44520c8df7a00ac25f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188136 Malicious code in mui-auth-betelgeuse-xo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0b2fd7a8c638947ae3bfc4c81fb4a2b89e7cee50538831189f80aab8974dcde This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185828 Malicious code in biosignature-enif-element-ui-biohacking (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4715241285965588427f15c1ffe35a84f94a2a86f96acc208d839b45622dc284 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-190088 Malicious code in upgrade-quantum-computing-eslint-plugin-areology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65f24884b7f8123dd633e86819d246df7e79be71c3680536de53b2cdce89ba5c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187228 Malicious code in grep-emulate-module-assert-chi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c75466ab2e6d7a0911b9994ce70e2bfe94d442f610e416ddf1214d0dbe6ead6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...