12374 matches found
Malicious Package
Overview colorize-console is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in colorize-console (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f4e60bdcd92f4f5690797fa091f0acb0a463de5c353ded0f6f5e7317a2f84eb The package colorize-console was found to contain malicious code. Source: ghsa-malware a0e5faaa04c5e7d06c634dc2be1f148aa27acb8842f1731dad902bdb3e33d1...
MAL-2026-1128 Malicious code in colorize-console (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f4e60bdcd92f4f5690797fa091f0acb0a463de5c353ded0f6f5e7317a2f84eb The package colorize-console was found to contain malicious code. Source: ghsa-malware a0e5faaa04c5e7d06c634dc2be1f148aa27acb8842f1731dad902bdb3e33d1...
MajorDoMo Console Eval Unauthenticated Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability in MajorDoMo, an open-source home automation platform. The admin panel's PHP console is accessible without authentication due to a missing exit after redirect in modules/panel.class.php. The redirect"/" call...
WordPress Plugin Web Accessibility by accessiBe Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform can be used to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Web Accessibility by...
WordPress Query Console 1.0 Code Injection
This code represents an advanced, class-based proof-of-concept targeting a code injection vulnerability in WordPress Query Console plugin version 1.0. It is designed as a CLI-only tool that automates payload upload, verification, command execution testing, and optional interactive shell access,...
Security Bulletin: IBM MQ is affected by a vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-12635)
Summary: A cross-site scripting vulnerability was identified in IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality (CVE-2025-12635). Vulnerability Details: CVEID: CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server...
CVE-2026-27822
RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.83, a Stored Cross-Site Scripting (XSS) vulnerability in the RustFS Console allows an attacker to execute arbitrary JavaScript in the context of the management console. By bypassing the PDF preview logic, an...
EUVD-2026-8590
Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover...
GHSA-V9FG-3CR2-277J Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover
Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the RustFS Console allows an attacker to execute arbitrary JavaScript in the context of the management console. By bypassing the PDF preview logic, an attacker can steal administrator credentials from localStorage, leading to full account...
CVE-2026-27822 Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover
RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.83, a Stored Cross-Site Scripting (XSS) vulnerability in the RustFS Console allows an attacker to execute arbitrary JavaScript in the context of the management console. By bypassing the PDF preview logic, an...
CVE-2026-27822
RustFS before 1.0.0-alpha.83 is affected by a Stored XSS in the RustFS Console that bypasses PDF preview logic, allowing an attacker to steal admin credentials from localStorage and potentially take over accounts and compromise the system. The issue is fixed in 1.0.0-alpha.83. No exploitation deta...
PT-2026-21848
Name of the Vulnerable Software and Affected Versions: RustFS versions prior to 1.0.0-alpha.83. Description: RustFS is a distributed object storage system built in Rust. A Stored Cross-Site Scripting (XSS) vulnerability exists in the RustFS Console, allowing an attacker to execute arbitrary JavaScript...
PT-2026-21991
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One (affected versions not specified). Description: The Trend Micro Apex One management console contains a path traversal weakness. This allows attackers with access to the console to execute malicious code on unpatched Windows...
Important: Red Hat Security Advisory: Cost Management Metrics Operator Update
Cost Management Metrics Operator version 4.3.1 release. The Cost Management Metrics Operator is a component of the Red Hat Cost Management service for OpenShift. The operator runs on the latest supported versions of OpenShift. This operator obtains OpenShift usage data by querying Prometheus every...
Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform
Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities are in several versions of Splunk Enterprise and Splunk Cloud Platform. They allow low-privileged users to bypass protections, view sensitive information, and abuse the REST API for user...
CVE-2025-69401
Authentication Bypass by Spoofing vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Identity Spoofing. This issue affects WooODT Lite: from n/a through <= 2.5.2...