850 matches found

OSV
added 2025/08/14 6:52 p.m., 1 view

MAL-2025-16410 Malicious code in bytel-tag-commander (npm)

The package bytel-tag-commander was found to contain malicious code...

AI score: 7.2, Exploits: 0

OSV
added 2025/08/14 6:52 p.m., 3 views

MAL-2025-17408 Malicious code in commander-js (npm)

The package commander-js was found to contain malicious code...

AI score: 7.2, Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 4 views

Malicious code in commmander (npm)

The package commmander was found to contain malicious code...

AI score: 7, Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 5 views

Malicious code in commander-js (npm)

The package commander-js was found to contain malicious code...

AI score: 7, Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 3 views

Malicious code in bytel-tag-commander (npm)

The package bytel-tag-commander was found to contain malicious code...

AI score: 7, Exploits: 0

Patchstack
added 2025/06/19 5:13 p.m., 6 views

WordPress Selling Commander for WooCommerce plugin <= 1.2.46 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by ch4r0n in WordPress Plugin Selling Commander for WooCommerce versions <= 1.2.46...

CVSS: 9.8, AI score: 7, EPSS: 0.00067, Exploits: 0, Affected Software: 1

RedhatCVE
added 2025/05/23 8:07 a.m., 5 views

CVE-2024-34534

A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka textcommander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/irmodel.py:IrModel::chechmodel...

CVSS: 7.3, AI score: 7.6, EPSS: 0.00203, Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 6:22 a.m., 6 views

CVE-2024-47254

In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticity vulnerability could allow an attacker to escalate their privileges and gain root access to the system...

CVSS: 7.2, AI score: 7.2, EPSS: 0.00154, Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 6:05 a.m., 4 views

CVE-2023-30281

An insecure permissions vulnerability was discovered: due to a lack of permission control in scquickaccounting before v3.7.3 from Store Commander for PrestaShop, a guest can access exports from the module, which can lead to a leak of personal information from the pscustomer table such as name / surnam...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00173, Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 4:34 a.m., 10 views

CVE-2023-45925

GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function xerrorhandler at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem (an X operation silently fails)...

AI score: 7.2, EPSS: 0.00058, Exploits: 0

RedhatCVE
added 2025/05/23 3:52 a.m., 3 views

CVE-2023-33279

In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

CVSS: 9.8, AI score: 7.4, EPSS: 0.0025, Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 2:03 a.m., 3 views

CVE-2023-33280

In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

CVSS: 9.8, AI score: 7.5, EPSS: 0.00732, Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 2:02 a.m., 3 views

CVE-2023-33278

In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

CVSS: 9.8, AI score: 7.4, EPSS: 0.00732, Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 1:58 a.m., 5 views

CVE-2023-3325

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmscaddsite' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the...

CVSS: 9.8, AI score: 7.2, EPSS: 0.00116, Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 1:25 a.m., 6 views

CVE-2022-25192

A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00055, Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 12:00 a.m., 6 views

CVE-2022-24573

A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field...

CVSS: 6.1, AI score: 5.6, EPSS: 0.00392, Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 9:50 p.m., 4 views

CVE-2022-25031

Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level...

CVSS: 7.8, AI score: 7.2, EPSS: 0.00044, Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 9:47 p.m., 7 views

CVE-2022-25193

Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00047, Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 9:12 p.m., 5 views

CVE-2021-36370

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...

CVSS: 7.5, AI score: 6.6, EPSS: 0.01053, Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 6:38 p.m., 9 views

CVE-2021-33211

A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives...

CVSS: 6.5, AI score: 6.8, EPSS: 0.00425, Exploits: 1, References: 1