6603 matches found
MAL-2026-5461 Malicious code in fhirproxy-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 405cf847121f4bfed32bc5679a40b64c1338b142af75823ef9583944a7ae7b5a On npm install via the prepare lifecycle hook and many other lifecycle aliases and on require, index.js performs broad reconnaissance and exfiltratio...
Medium: python3.12
Issue Overview: The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire. CVE-2026-2297...
Medium: python3.13
Issue Overview: http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie valu...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2026-1785)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1785 advisory. http.cookies.Morsel.jsoutput returns an inline snippet and only escapes for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element...
EulerOS Virtualization 2.12.0 : glib2 (EulerOS-SA-2026-2099)
According to the versions of the glib2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line...
EulerOS Virtualization 2.13.0 : glib2 (EulerOS-SA-2026-2165)
According to the versions of the glib2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory...
EulerOS Virtualization 2.13.1 : glib2 (EulerOS-SA-2026-2126)
According to the versions of the glib2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory...
EulerOS Virtualization 2.10.0 : glib2 (EulerOS-SA-2026-2046)
According to the versions of the glib2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types...
EulerOS Virtualization 2.12.1 : glib2 (EulerOS-SA-2026-2074)
According to the versions of the glib2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line...
EulerOS Virtualization 2.10.1 : glib2 (EulerOS-SA-2026-2019)
According to the versions of the glib2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types...
CVE-2023-54344
Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in...
CVE-2026-49197
Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...
CVE-2026-33121
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...
CVE-2026-42615
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...
CVE-2019-25714
Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...
CVE-2026-46395
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...
EUVD-2026-34886
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...
CVE-2026-46395
HAX CMS Node.js backend (before 26.0.0) exposes a critical cryptographic flaw in the hmacBase64() function. It uses a hardcoded signing key of the string "0" and then appends the real key (this.privateKey + this.salt) to the output, producing tokens that reveal the private key when decoded. An un...
HAXCMS 安全漏洞
HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAX CMS prior to Node.js 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from two encryption implementation errors in the hmacBase64 function. This could allow unauthenticated attacke...
CVE-2026-10771 crmeb crmeb_java base64 Qrcode Endpoint RestTemplateUtil.java RestTemplate.getForEntity server-side request forgery
A vulnerability was found in crmeb crmebjava 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request...