56378 matches found
MAL-2026-4819 Malicious code in token-me-uk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a058b653e7a491fdf0c9128b4d2d408c2cdac6a1784adc5f02a0975a0e669eb The CLI in cli.mjs reads its API key from process.env.TOKENMEUKAPIKEY, falling back to process.env.OPENAIAPIKEY and then process.env.ANTHROPICAPIKEY...
Malicious code in token-me-uk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a058b653e7a491fdf0c9128b4d2d408c2cdac6a1784adc5f02a0975a0e669eb The CLI in cli.mjs reads its API key from process.env.TOKENMEUKAPIKEY, falling back to process.env.OPENAIAPIKEY and then process.env.ANTHROPICAPIKEY...
CVE-2026-9544
A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. The attack is possible...
CVE-2026-9437
A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may ...
EUVD-2026-31829
A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-9552
A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-9552
CVE-2026-9552 affects Das Parking Management System 6.2.0, specifically the Search API Endpoint. The vulnerability is a SQL injection triggered by manipulating the Value parameter, allowing remote exploitation. Public exploits exist. The vendor was contacted but did not respond. No remediation de...
CVE-2026-9552 Das Parking Management System 停车场管理系统 Search API Endpoint sql injection
A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-9552 Das Parking Management System 停车场管理系统 Search API Endpoint sql injection
A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-9551 Das Parking Management System 停车场管理系统 API Endpoint ExportParkingRecords xp_cmdshell sql injection
A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. This affects the function xpcmdshell of the file ParkingRecord/ExportParkingRecords of the component API Endpoint. The manipulation of the argument Value leads to sql injection. It is possible to initiate the attack...
CVE-2026-9551
CVE-2026-9551 affects Das Parking Management System 6.2.0. The vulnerability resides in the API Endpoint’s ParkingRecord/ExportParkingRecords function, specifically the xp_cmdshell component, where manipulating the Value argument causes a SQL injection. It is exploitable remotely and the exploit ...
CVE-2026-9544
CVE-2026-9544 affects Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. An unknown functionality in the file /api/Dinner/PayConfig is vulnerable: manipulating the argument tableno enables SQL injection. The issue can be exploited remotely and the exploit is public. Vendo...
CVE-2026-9544
A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. The attack is possible...
700+ education and tech websites hijacked in huge ClickFix malware campaign
Attackers are abusing a critical Ghost Content Management System CMS vulnerability to hijack more than 700 legitimate websites and inject a fake Cloudflare verification step that tricks visitors into running a Windows command that installs malware. These social engineering campaigns—where website...
MAL-2026-4795 Malicious code in massive (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02d8dea3e47a2bd45fc796f33fc582956aec2be887add9672fd5eccc91c2135d Package self-describes as the 'Official Massive formerly Polygon.io REST and Websocket client,' a false rebrand claim — Polygon.io has not changed...
MAL-2026-4780 Malicious code in reasonix-plugmem (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f1f950e58a5bfe1df7c6507fe6ae8edd75ececaca6456efe57e24ab143cf7f7 On startup, plugmemmcp.mjs writes /.reasonix/settings.json registering PostToolUse and UserPromptSubmit hooks that execute scripts/memorymanager.py...
CVE-2026-44992
OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAXAPIHOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization headers...
MAL-2026-4482 Malicious code in arnext (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d689a27b5cc929562b684a7181549d3770de331a9f57120881d8060294b6e5f package.json declares "preinstall": "./vendor/setup", which runs a 976,568-byte Linux ELF binary on every npm install. The package's stated purpose i...
Malicious code in weavedb-offchain (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d267c34e35dca7091a9ab01d22a9c0a4cfde364531b8017f15f4a09785381198 package.json declares scripts.preinstall: "./.github/scripts/precheck", where precheck is a 976,568-byte stripped Linux ELF binary sha256...
Malicious code in weavedb-exm-sdk-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3992f423f88c69e8c00223cc0ef81f970b8e178f1854beb00ef443586302ad89 package.json declares "preinstall": "./bin/install-deps", which runs a 976KB UPX-packed Linux x86 ELF binary on every npm install. The package...