Malicious code in @webda-infra/search (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d3966598d25bae6a0824df09461ccbea8ad8ff22be2b3b93eab681cc733ff73 @webda-infra/[email protected] is a near-empty placeholder index.js is empty, module.exports = whose package.json declares a single dependency, ltidisafe...

CVE-2026-49959

Hermes WebUI prior to 0.51.311 is affected by a remote code execution vulnerability. Authenticated attackers can trigger arbitrary commands by placing a malicious executable Git configuration in a workspace repo’s .git/config. The issue arises from Git subprocess invocations in api/workspace_git....

CVE-2026-0414 Insufficient Input Validation Allows Unauthorized Modification of Router Software in certain NETGEAR Routers

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

CVE-2026-0414 Insufficient Input Validation Allows Unauthorized Modification of Router Software in certain NETGEAR Routers

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

CVE-2026-0414

NETGEAR RBE970 has a CVE-2026-0414 vulnerability described as an insuff icient input validation that lets authenticated administrators on the local network make unauthorized modifications to router software and functionality. Affected product: NETGEAR RBE970. Impact: modification of software and ...

USN-8411-1: Lodash vulnerabilities

It was discovered that Lodash was vulnerable to a prototype pollution issue in the zipObjectDeep function. An attacker could possibly use this issue to modify application behavior. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-8203 Liyuan Chen discovered that Lodash was...

USN-8410-1: shell-quote vulnerability

Akshat Sinha discovered that shell-quote improperly validated object-token inputs. An attacker could possibly use this issue to cause shell-quote to crash, resulting in a denial of service, or execute arbitrary code...

USN-8410-1 node-shell-quote vulnerability

Akshat Sinha discovered that shell-quote improperly validated object-token inputs. An attacker could possibly use this issue to cause shell-quote to crash, resulting in a denial of service, or execute arbitrary code...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...

firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...

CamView installer insecurely loads Dynamic Link Libraries

Overview CamView installer provided by ARUCOM Inc. insecurely loads Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2015-9268 The CVSS evaluation above assume that a victim user is directed to download and place a specially crafted DLL file with the affected installer and t...

CVE-2026-8795

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in clientinfo.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...

APSB26-58 : Security update available for Adobe InDesign

Adobe has released a security update for Adobe InDesign. This update addresses critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service, and memory exposure...

APSB26-65 : Security update available for Adobe Format Plugins

Adobe has released an update for Adobe Format Plugins. This update addresses critical vulnerabilities that could lead to arbitrary code execution...

APSB26-59 : Security update available for Adobe InCopy

Adobe has released a security update for Adobe InCopy. This update addresses critical vulnerabilities that could lead to arbitrary code execution...

PT-2026-48274

Name of the Vulnerable Software and Affected Versions Adobe Campaign Classic ACC versions prior to 7.4.3 build 9395 Description A Server-Side Request Forgery SSRF issue exists where the server can be coerced into making unauthorized requests. This can lead to privilege escalation or arbitrary cod...

PT-2026-48278

Name of the Vulnerable Software and Affected Versions Adobe Campaign Classic ACC versions prior to 7.4.3 build 9395 Description An incorrect authorization issue exists that could allow arbitrary code execution in the context of the current user. This flaw can be exploited without requiring any us...

PT-2026-48276

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2026-48254

Name of the Vulnerable Software and Affected Versions Acrobat Reader versions prior to 26.001.21652 Description A Use After Free issue exists where memory is accessed after it has been freed. This can lead to arbitrary code execution in the context of the current user. Exploitation requires user...