135 matches found
MAL-2026-1774 Malicious code in libxmljs2-1 (npm)
Source: amazon-inspector (080d064e9c79a741220b57667af951576d2d474fa6f9740d0d691abfe832656e). The package libxmljs2-1 was found to contain malicious code...
CVE-2026-1774
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-12 04:40:06+00:00 | seen | https://gist.github.com/alon710/31c4e451c394eacbaee20fa470c766e5... |
@abip/scp-common (=1.0.1-alpha.0), @akemona-org/strapi-admin (>=3.7.0 <=3.18.2) +401 more potentially affected by CVE-2026-1774 via @casl/ability (>=2.4.2 <=6.7.3)
@casl/ability NPM version =2.4.2, =3.7.0, =0.2.0, =0.3.1, =4.25.19-patch.1, =0.0.1, =0.0.1, =0.1.0, =1.7.0, =0.7.1, =0.13.85 and more Source cves: CVE-2026-1774 Source advisory: OSV:GHSA-X9VF-53Q3-CVX6...
@abip/scp-common (=1.0.1-alpha.0), @akemona-org/strapi-admin (>=3.7.0 <=3.18.2) +401 more potentially affected by CVE-2026-1774 via @casl/ability (>=2.4.2 <=6.7.3)
@casl/ability NPM version =2.4.2, =3.7.0, =0.2.0, =0.3.1, =4.25.19-patch.1, =0.0.1, =0.0.1, =0.1.0, =1.7.0, =0.7.1, =0.13.85 and more Source cves: CVE-2026-1774 Source advisory: SNYK:JS-CASLABILITY-15268419...
EUVD-2026-1774
The AMP for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.1.10. This is due to insufficient sanitization of SVG file content that only removes tags while allowing other XSS vectors such as event handlers onload,...
CVE-2025-1774
Incorrect string encoding vulnerability in NASK - PIB BotSense allows injection of an additional field separator character or value in the content of some fields of the generated event. A field with additional field separator characters or values can be included in the "extraData" field. This issu...
EUVD-2008-3353
Malware in sbrugna...
CVE-2024-20108
In atci, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09082988; Issue ID: MSV-1774...
CVE-2021-1774
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution...
CVE-2025-1774
| creationtimestamp | type | source |
|---|---|---|
| 2025-03-17 17:28:07+00:00 | seen | https://t.me/cvedetector/20476 |
| 2025-03-17 17:45:53+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lklphuq5gl2m... |
CVE-2025-1774
Incorrect string encoding vulnerability in NASK - PIB BotSense allows injection of an additional field separator character or value in the content of some fields of the generated event. A field with additional field separator characters or values can be included in the "extraData" field. This issu...
CVE-2025-1774 Logs manipulation in BotSense
Incorrect string encoding vulnerability in NASK - PIB BotSense allows injection of an additional field separator character or value in the content of some fields of the generated event. A field with additional field separator characters or values can be included in the "extraData" field. This issu...
CVE-2025-1774
CVE-2025-1774 is a string-encoding vulnerability in NASK - PIB BotSense where an additional field separator character or value can be injected into generated events’ extraData. Affected versions are BotSense before 2.8.0. Root cause: incorrect string encoding that allows extra separators/values t...
CVE-2025-1774 Logs manipulation in BotSense
Incorrect string encoding vulnerability in NASK - PIB BotSense allows injection of an additional field separator character or value in the content of some fields of the generated event. A field with additional field separator characters or values can be included in the "extraData" field. This issu...
Linux Distros Unpatched Vulnerability : CVE-2015-1774
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service crash ...
Linux Distros Unpatched Vulnerability : CVE-2010-1774
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of...
CVE-2022-1774
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7...
Cross Platform Webkit File Dropper
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cross Platform Webkit File Dropper', 'Description' = %q This module exploits a XSLT vulnerability in Webkit to drop ASCII or UTF-8 files to the...
WordPress Customily Product Personalizer Plugin <= 1.23.3 is vulnerable to Cross Site Scripting (XSS)
Software: Customily Product Personalizer; Type: Plugin; Vulnerable versions: <= 1.23.3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1774; Patch priority: Medium; CVSS severity: Medium (7.2); PSID: 736e090b7cc5; Credits...
CVE-2024-1774
The Customily Product Personalizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user cookies in all versions up to, and including, 1.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...