13008 matches found
DataEase <= 2.4.1 - Sensitive Information Exposure
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. id: CVE-2024-30269...
CVE-2026-57833 Joomla Extension - weeblr.com - Unauthenticated stored XSS in 4Analytics < 5.0.2
The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...
EUVD-2026-44601
The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...
CVE-2026-57833
The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...
CVE-2026-53565
Improper Privilege Management vulnerability in Citrix Secure Access Client for Windows, Citrix Citrix Endpoint Analysis Client for Windows. This issue affects Secure Access Client for Windows: before 26.6.1.20; Citrix Endpoint Analysis Client for Windows: before 26. 5.1.7...
CVE-2026-53565
CVE-2026-53565 is a Local Privilege Escalation in Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client for Windows. The CVE affects Secure Access Client for Windows versions before 26.6.1.20 and Endpoint Analysis Client for Windows before 26.5.1.7. The CVE is categorized as...
CVE-2026-60109
Zeek
PT-2026-56810
Name of the Vulnerable Software and Affected Versions Zeek versions prior to 8.0.9 Description A null pointer dereference exists in the Kerberos protocol analyzer. An unauthenticated remote attacker can cause the sensor to crash by sending a specially crafted KRB ERROR message with error-code 25...
MAL-2026-6972 Malicious code in @vwfs-its/sf-sac-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41fd62df844e3fba17cb6200b0c9f2ce518a630677ed96f4cf0349b2a3eb7a3d On npm install, the package's preinstall hook node index.js collects installer host identity — hostname, OS user info, output of whoami and id, shell...
Malicious code in rio-design-tokens (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed72d8256a1831ef61f01d101c9b9de21db822516cb3b61d1fffd1ef7b3bb0c7 [email protected] is a dependency-confusion attack package. package.json declares preinstall: node index.js, so npm install auto-executes...
MAL-2026-6910 Malicious code in zluri-ad-connector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b7a807f066f0255f7480ebd7d445043282260b464b0ef54a32a2d022c93bbf7 The package declares a preinstall hook node index.js that runs automatically on npm install. index.js requires os, dns, https, querystring, and the...
Malicious code in zluri-ad-connector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b7a807f066f0255f7480ebd7d445043282260b464b0ef54a32a2d022c93bbf7 The package declares a preinstall hook node index.js that runs automatically on npm install. index.js requires os, dns, https, querystring, and the...
CVE-2026-14758
A flaw was found in radareorg radare2. A local attacker can exploit an integer overflow vulnerability within the hexpairs parser, specifically in the cmdanalopcode function. This manipulation can lead to an integer overflow, potentially causing a denial of service DoS condition...
FreeBSD : traefik -- Multiple vulnerabilities (803b9816-77af-11f1-ba71-5404a68ad561)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 803b9816-77af-11f1-ba71-5404a68ad561 advisory. The traefik project releases a new version addressing multiple CVEs: Tenable has extracted the...
MAL-2026-6760 Malicious code in @adobesign/as-dev-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6752e4d30c584cb5ca6f67265c983257c1531aa306b47ec00b43ddae83fe2532 The package's package.json declares a postinstall lifecycle hook that pipes the output of whoami through curl to a hardcoded Burp Collaborator...
UBUNTU-CVE-2026-14758
A vulnerability was identified in radareorg radare2 up to 6.1.6. This vulnerability affects the function cmdanalopcode of the file libr/core/cmdanal.inc.c of the component hexpairs Parser. Such manipulation leads to integer overflow. The attack needs to be performed locally. The exploit is public...
CVE-2026-14757
A vulnerability was determined in radareorg radare2 up to 6.1.6. This affects the function coreanalbytes of the file libr/core/cmdanal.inc. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. It is...
PT-2026-55807
Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description An integer overflow occurs in the hexpairs Parser component within the cmd anal opcode function located in the libr/core/cmd anal.inc.c file. This issue requires local access to be exploite...
PT-2026-55806
Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description An integer overflow occurs in the core anal bytes function within the libr/core/cmd anal.inc file. This issue requires local access to be exploited. Recommendations Install the available...
CVE-2026-14535 Fickling MLAllowlist analysis pass rendered inoperative by shared mutable state in AnalysisContext.shorten_code()
In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...