
525 matches found

OSSF Malicious Packages
added 2026/05/24 11:5 a.m. | 9 views

Malicious code in power-apps (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f68653eed66e7343973bc919788864990337f7645072d32a9d7465d4bf4ff4e7 On npm install, postinstall.js executes whoami, id, and reads os.hostname, os.platform, process.cwd, and CI/GitHub environment variables, then sends...

AI score: 5.8
Exploits: 0 | References: 3
NVD
added 2026/05/21 8:16 a.m. | 5 views

CVE-2026-44048

A stack-based buffer overflow via UCS-2 type confusion in convertcharset in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service...

CVSS: 8.8 | EPSS: 0.00154
Exploits: 0 | References: 1
CVE
added 2026/05/21 7:34 a.m. | 12 views

CVE-2026-44062

In Netatalk (versions 2.0.4–4.4.2) a missing o_len bounds check in pull_charset_flags() enables out-of-bounds processing; fixed in 4.4.3 (per NVD). Debian advisory groups the CVE under a security update and recommends upgrading to a secure netatalk package; apply vendor-provided patches (e.g., De...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.00215
Exploits: 0 | References: 1
EUVD
added 2026/05/21 7:34 a.m. | 8 views

EUVD-2026-31224

An out-of-bounds write due to improper null termination in convertcharset in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.00072
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/21 7:34 a.m. | 6 views

CVE-2026-44049

An out-of-bounds write due to improper null termination in convertcharset in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.00072
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2026/05/21 12:0 a.m. | 3 views

Netatalk buffer error vulnerability

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.4 to 4.4.2 of Netatalk contain a buffer error vulnerability. This vulnerability stems from improper termination of emp...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.00072
Exploits: 0 | References: 2
vulnersOsv
added 2026/05/19 12:0 a.m. | 4 views

1g6table (=0.1.0), 7qb (=0.0.17) +1258 more potentially affected by unknown CVE via @antv/dom-util (>=2.0.2 <=2.0.4)

@antv/dom-util NPM version =2.0.2, =1.1.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.1.2, =1.0.0, =0.2.0, =1.1.15, =1.0.4, =2.1.0 - @alifd/ice-devtools =1.1.14-beta.4 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3873...

AI score: 5.8
Exploits: 0
OSSF Malicious Packages
added 2026/05/11 4:2 p.m. | 6 views

Malicious code in @cplace-workflow-fe/cf-workflow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa219c5fdaf0ec8e6e0467fb1f23bfde9a07c18276187464062943e612848781 The package @cplace-workflow-fe/cf-workflow was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0 | References: 1
NVD
added 2026/04/12 11:16 a.m. | 0 views

CVE-2026-6126

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The exploit has been made...

CVSS: 7.5 | EPSS: 0.00125
Exploits: 0 | References: 6
Cvelist
added 2026/04/12 10:30 a.m. | 30 views

CVE-2026-6126 zhayujie chatgpt-on-wechat CowAgent Administrative HTTP Endpoint missing authentication

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The exploit has been made...

CVSS: 7.5 | EPSS: 0.00125
Exploits: 0 | References: 6
CNNVD
added 2026/04/12 12:0 a.m. | 1 views

CowAgent access control error vulnerability

CowAgent is an intelligent assistant and scalable agent framework developed by the individual developer zhayujie. Version 2.0.4 of CowAgent contains a vulnerability related to access control. This vulnerability stems from the lack of authentication in the Administrative HTTP Endpoint component, whi...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00125
Exploits: 0 | References: 6
CNNVD
added 2026/04/10 12:0 a.m. | 2 views

CowAgent path traversal vulnerability

CowAgent is an intelligent assistant and scalable agent framework developed by the individual developer zhayujie. Versions of CowAgent 2.0.4 and earlier had a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter filename in the file...

CVSS: 6.9 | AI score: 6.1 | EPSS: 0.0002
Exploits: 0 | References: 7
RedhatCVE
added 2026/03/26 5:3 p.m. | 0 views

CVE-2026-3210

Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing. This issue affects Material Icons: from 0.0.0 before 2.0.4...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00044
Exploits: 0 | References: 1
EUVD
added 2026/03/25 6:31 p.m. | 1 views

EUVD-2026-15776

Use of Hard-coded Credentials vulnerability in Addi Addi Cuotas que se adaptan a ti buy-now-pay-later-addi allows Password Recovery Exploitation. This issue affects Addi Cuotas que se adaptan a ti: from n/a through <= 2.0.4...

AI score: 5.8 | EPSS: 0.00042
Exploits: 0 | References: 2
EUVD
added 2026/03/25 6:31 p.m. | 0 views

EUVD-2026-15465

Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing. This issue affects Material Icons: from 0.0.0 before 2.0.4...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00044
Exploits: 0 | References: 2
NVD
added 2026/03/25 4:16 p.m. | 1 views

CVE-2026-3210

Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing. This issue affects Material Icons: from 0.0.0 before 2.0.4...

CVSS: 5.3 | EPSS: 0.00044
Exploits: 0 | References: 1
CVE
added 2026/03/25 4:14 p.m. | 2 views

CVE-2026-27073

CVE-2026-27073 is a WordPress plugin issue affecting Addi – Cuotas que se adaptan a ti, 2.0.4. The available connected sources do not provide explicit exploit details or in-the-wild activity beyond the vulnerability description and fixes. If you use this plugin, prioritize upgrading to a non-vul...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.00042
Exploits: 0 | References: 1
CNNVD
added 2026/03/25 12:0 a.m. | 2 views

Drupal Material Icons security vulnerability

Drupal Material Icons is a module provided by the Drupal company that offers interface icon display and management functions. Versions of Drupal Material Icons prior to 2.0.4 contained security vulnerabilities, which were caused by improper authorization and could lead to forced browsing...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00044
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/25 12:0 a.m. | 1 views

PT-2026-27973

Name of the Vulnerable Software and Affected Versions: Addi – Cuotas que se adaptan a ti versions n/a through 2.0.4. Description: A flaw exists in Addi – Cuotas que se adaptan a ti buy-now-pay-later-addi that allows for exploitation of the password recovery function due to the use of hard-coded...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00042
Exploits: 0 | References: 3
Patchstack
added 2026/03/10 11:21 a.m. | 3 views

WordPress Addi – Cuotas que se adaptan a ti plugin <= 2.0.4 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Addi Cuotas que se adaptan a ti versions <= 2.0.4...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00042
Exploits: 0 | Affected Software: 1