151 matches found
MAL-2026-1664 Malicious code in brisk-web-ssr (npm)
Source: amazon-inspector ca871bc80853efc77cb6ead479434624e2f9b148a1de2dd7a18f5d784c4e1499 The package brisk-web-ssr was found to contain malicious code...
@anngdinh/remote-mcp-server-authless (=0.0.0), @apideck/mcp (>=0.1.9 <=0.1.13) +139 more potentially affected by CVE-2026-1664 via agents (>=0.0.100 <=0.3.10)
agents NPM version =0.0.100, =0.1.9, =0.4.0, =0.1.0, =1.1.1, =0.2.0, =0.1.0, =0.0.1, =1.0.2, =1.0.1, =1.1.1 - @famma/mcp-auth =0.0.4 and more Source cves: CVE-2026-1664 Source advisory: SNYK:JS-AGENTS-15209148...
@anngdinh/remote-mcp-server-authless (=0.0.0), @apideck/mcp (>=0.1.9 <=0.1.13) +139 more potentially affected by CVE-2026-1664 via agents (>=0.0.100 <=0.3.10)
agents NPM version =0.0.100, =0.1.9, =0.4.0, =0.1.0, =1.1.1, =0.2.0, =0.1.0, =0.0.1, =1.0.2, =1.0.1, =1.1.1 - @famma/mcp-auth =0.0.4 and more Source cves: CVE-2026-1664 Source advisory: OSV:GHSA-R7X9-8PH7-W8CG...
CVE-2026-1664
Summary: CVE-2026-1664 affects Cloudflare Agents SDK prior to 0.3.7, due to an IDOR in header-based email routing. Root cause: createHeaderBasedEmailResolver() parses Message-ID and References to derive target agentName/agentId without cryptographic/origin verification, letting external headers s...
Linux Distros Unpatched Vulnerability : CVE-2022-1664
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal...
CVE-2025-1664
CVE-2025-1664 affects the WordPress plugin Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates. The vulnerability is a Stored Cross-Site Scripting via the Parallax slider in all versions up to 5.3.1 due to insufficient input sanitization and output escaping. Exploitation requi...
CVE-2025-1664 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Parallax slider in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2023-1664
creationtimestamp | type | source
---|---|---
2025-01-15 21:54:56+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/1877...
GLSA-202408-30 : dpkg: Directory Traversal
The remote host is affected by the vulnerability described in GLSA-202408-30 (dpkg: Directory Traversal). Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo Linux security advisory. Note that Nessus has not...
RHEL 5 : python (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python: Heap overflow in zipimporter module CVE-2016-5636 - python: Integer overflow in...
CVE-2024-1664
creationtimestamp | type | source
---|---|---
2024-04-10 11:19:40+00:00 | seen | https://t.me/arpsyndicate/4431...
CVE-2024-1664
The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-1664 Responsive Gallery Grid < 2.3.11 - Admin+ Stored XSS
The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2020-1664
creationtimestamp | type | source
---|---|---
2023-11-29 14:28:27+00:00 | seen | https://t.me/arpsyndicate/752...
be.jidoka:jdk-keycloak-admin (>=1.2.0 <=2.2.0), br.com.anteros:Anteros-Keycloak (=1.0.0) +897 more potentially affected by CVE-2023-1664 via org.keycloak:keycloak-core (>=10.0.0 <=21.1.1)
org.keycloak:keycloak-core MAVEN version =10.0.0, =1.2.0, =0.0.8-alpha, =0.0.1-alpha, =1.0.0, =0.2.0, =0.2.0, =0.2.0, =0.5.0, =0.2.0, =0.2.0, =0.5.0, =0.10.0, =0.10.0, =0.5.0, =0.10.5-experimental and more Source cves: CVE-2023-1664 Source advisory: OSV:GHSA-5CC8-PGP5-7MPM...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.4 security update
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.4 for OpenShift image security enhancement update
A new image is available for Red Hat Single Sign-On 7.6.4, running on OpenShift Container Platform 3.10 and 3.11, and 4.12.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
RHEL 9 : Red Hat Single Sign-On 7.6.4 security update on RHEL 9 (Important) (RHSA-2023:3885)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3885 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
EulerOS Virtualization 3.0.2.0 : dpkg (EulerOS-SA-2023-1744)
According to the versions of the dpkg package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a...
SUSE SLES15 / openSUSE 15 Security Update : python-Werkzeug (SUSE-SU-2023:1664-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1664-1 advisory. - Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will...