27 matches found
CVE-2026-42473
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from the filesystem in the FileHandler object...
Malicious code in @inetafrica/open-claudia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09b3881ec598069649e57612f04359886ef22331899541885248ea6a0a41bce2 Multiple files in this package contain a Telegram-bot-based command-and-control and exfiltration framework wired to install/runtime-reachable code...
CVE-2026-42473
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from the filesystem in the FileHandler object...
CVE-2026-42473
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from the filesystem in the FileHandler object...
CVE-2026-42473
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from the filesystem in the FileHandler object...
EUVD-2026-26674
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from the filesystem in the FileHandler object...
CVE-2026-42473
The CVE-2026-42473 issue affects MixPHP Framework 2.x up to 2.2.17. The vulnerability arises from unsafe deserialization in the FileHandler’s session and cache handling, where data from the filesystem is passed to PHP’s unserialize(), enabling high-impact data integrity/confidentiality/availabili...
CVE-2026-42473
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from the filesystem in the FileHandler object...
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source frameworks that are used to build...
CVE-2025-1127
The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem...
CVE-2025-27020
Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0...
CVE-2025-27020
CVE-2025-27020 affects Infinera MTC-9 due to an improper SSH service configuration. A misconfigured SSH implementation allows an unauthenticated attacker to execute arbitrary commands and read/write filesystem data over the network. Affected versions are R22.1.1.0275 up to, but not including, R23...
PT-2025-49542
Name of the Vulnerable Software and Affected Versions Infinera MTC-9 versions R22.1.1.0275 through R22.9.9 Description An improper configuration of the SSH service in Infinera MTC-9 can allow an unauthenticated attacker to execute arbitrary commands and access data on the file system. The issue...
EUVD-2023-38498
Malicious code in bioql PyPI...
CVE-2023-34421
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation...
CVE-2025-1127 Combination Path Traversal and Concurrent Execution vulnerability exists within the embedded web server
The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem...
CVE-2025-1127
CVE-2025-1127 affects Lexmark printers with an embedded web server. Multiple connected sources describe a path traversal combined with concurrent execution vulnerability that allows an unauthenticated attacker to execute arbitrary code as an unprivileged user and/or modify any filesystem data. Re...
CVE-2023-34421
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation...
CVE-2023-34421
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation...
Input validation
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation...