Malicious code in eslint-plugin-superhuman-custom-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e50258e14acd3712854f3059d043b8c4982563ab8d401555b253702a3212279 The package eslint-plugin-superhuman-custom-rules was found to contain malicious code...

MAL-2026-1729 Malicious code in eslint-plugin-superhuman-custom-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e50258e14acd3712854f3059d043b8c4982563ab8d401555b253702a3212279 The package eslint-plugin-superhuman-custom-rules was found to contain malicious code...

Exploit for Code Injection in Unicode

codescan Fast, configurable code security scanner written in...

CVE-2026-25733

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the Custom Rules function of the WebUI where...

CVE-2026-25733

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the Custom Rules function of the WebUI where...

CVE-2026-25733

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the Custom Rules function of the WebUI where...

CVE-2026-25733 Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the Custom Rules function of the WebUI where...

CVE-2026-25733

CVE-2026-25733 concerns Rucio’s WebUI, where a stored XSS in the Custom Rules function allows attacker-controlled input to be persisted by the backend and rendered without proper encoding. Affected versions are prior to 35.8.3, 38.5.4, and 39.3.1; these versions fix the issue. The vulnerability c...

CVE-2026-25733 Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the Custom Rules function of the WebUI where...

Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function

Summary A stored Cross-site Scripting XSS vulnerability was identified in the Custom Rules function of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of...

GHSA-RWJ9-7J48-9F7Q Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function

Summary A stored Cross-site Scripting XSS vulnerability was identified in the Custom Rules function of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of...

Rucio 安全漏洞

Rucio is an open-source scientific data management tool developed by Rucio team. Versions of Rucio prior to 35.8.3, 38.5.4, and 39.3.1 contained security vulnerabilities. These vulnerabilities stemmed from the Custom Rules feature in the WebUI, where inputs controlled by attackers were not proper...

PT-2026-21999

Name of the Vulnerable Software and Affected Versions Rucio versions prior to 35.8.3, 38.5.4, and 39.3.1 Description Rucio software contains a stored Cross-Site Scripting XSS issue within the Custom Rules function of the WebUI. Attackers can inject malicious code through the comment field, which ...

PT-2025-54217

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when...

matrix-sdk-base: Denial of service due to custom `m.room.join_rules` events

The matrix-sdk-base crate is unable to handle responses that include custom m.room.joinrules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventin...

Malicious code in eslint-plugin-custom-eslint-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 290264bf054a89de7b611685ab2f5a9720fd03d6e90c3631d42bbef29259ec48 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-1032 Malicious code in eslint-config-scp-custom-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73a0feb02dac8e9a44d4dfef753d5e64e20660b0f07333ca0660f422036d468d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-1033 Malicious code in eslint-plugin-scp-custom-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8860b8044f2adb9c969cdcf764976c8f9e110be9d0b0a03d095998595aec3938 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Streamlining OS and Application Hardening: Revealing Misconfigurations with Wiz’s Agentless Custom Host Configuration Rules

Shell commands that once had to be run manually now can be coded into a custom rule and run daily using Wiz agentless workload scanning...

CVE-2021-4038

Cross Site Scripting XSS vulnerability in McAfee Network Security Manager NSM prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in a...