545 matches found
XWiki Platform - Information Disclosure
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. id: CVE-2025-55747 info: name: XWiki Platform - Information Disclosure author: Redmomn...
Malicious code in hunsterx-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32f2430d6e0da9484283d0012a16df0c593ccb5fa2a56ea727bd19ba435f964f preinstall.js executes a chain of evalBuffer.from'','base64'.toString payloads at npm install time. The decoded payloads collect host identity...
PT-2026-51640
Name of the Vulnerable Software and Affected Versions mise versions prior to 2026.6.4 Description A flaw in the trust mechanism allows arbitrary command execution when a directory contains task-include directories such as mise-tasks/, .mise/tasks/, etc. but lacks a configuration file. In this...
EUVD-2026-36644
The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary .php files from the server, including configuration files that contain database credentials and authentication keys...
Malicious code in parket-slot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dc700128da5b494d5325086ec183ce7c746d44d88dc7f609bfb9f2eab9fa072 On npm install, the package's postinstall script node test.js auto-executes a multi-stage attack against the installer's machine. It recursively scan...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...
CVE-2026-11416
MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...
CVE-2026-50206
Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...
CVE-2026-50206
CVE-2026-50206 affects VPN network profile handling where special characters in config files are not safely processed, enabling command injection. Root cause: improper sanitization or parsing of config entries leads to execution of injected commands when reading malicious config files. Documented...
CVE-2026-50206 VPN Command Injection Vulnerability
Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...
CVE-2026-50206
Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...
CVE-2026-50206 VPN Command Injection Vulnerability
Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...
NamelessMC 安全漏洞
NamelessMC is a free, easy-to-use, and powerful website software developed by the NamelessMC team. It’s suitable for your Minecraft server and comes with numerous features. Version 2.2.4 of NamelessMC has a security vulnerability that arises from not verifying the authorization of viewers before...
OpenSC 安全漏洞
OpenSC is an open-source smart card tool and middleware developed by OpenSC. Versions of OpenSC prior to 0.27.0 contained security vulnerabilities. These vulnerabilities stemmed from a stack and heap buffer overflow vulnerability in the dokeyvalue function located in src/pkcs15init/profile.c. Thi...
CVE-2025-41670
Technical details about CVE-2025-41670 are not publicly available in the provided documents. Monitor for updates from official advisories; no affected products, vulnerable components, or remediation are specified here.
Phoenix Contact多款产品 代码问题漏洞
PHOENIX CONTACT AXC F 1152 and PHOENIX CONTACT AXC F 2152 are controller devices from the German company PHOENIX CONTACT. Several products from Phoenix Contact have code vulnerabilities. These vulnerabilities allow low-privilege local users to manipulate configuration or application-related files...
PT-2026-43542
A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected...
Malicious code in claude-all-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63c5a1f5a6f5bd2dadc4e207ff4e8e310c24cd4c99c751ed094251e00e0af8f3 On install, postinstall.js writes configuration into /.claude/, /.gemini/, /.codex/, and /.kiro/ that hard-wires AI tooling to author-controlled...
MAL-2026-4522 Malicious code in claude-all-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63c5a1f5a6f5bd2dadc4e207ff4e8e310c24cd4c99c751ed094251e00e0af8f3 On install, postinstall.js writes configuration into /.claude/, /.gemini/, /.codex/, and /.kiro/ that hard-wires AI tooling to author-controlled...