105 matches found
CVE-2026-47118
Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...
cPanel 安全漏洞
cPanel is a web-based automated hosting platform developed by the cPanel company in the United States. This platform is primarily used for automating the management of websites and servers. cPanel has security vulnerabilities; these vulnerabilities stem from the fact that the chmod calls in...
GO-2026-4697 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes in github.com/drakkan/sftpgo
SFTPGo improperly sanitizes placeholders in group home directories/key prefixes in github.com/drakkan/sftpgo...
CVE-2026-30915 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
CVE-2026-30915 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
GHSA-M83Q-5WR4-4GFP SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
Impact SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using placeholders like %username%, the value replacing the...
SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
Impact SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using placeholders like %username%, the value replacing the...
EUVD-2026-12073
SFTPGo improperly sanitizes placeholders in group home directories/key prefixes...
CVE-2026-29124 Multiple SUID Root Binaries in `monitor` User Home Directory Leading to Potential Local Privilege Escalation
Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 in International Data Casting IDC SFX2100 Satellite Receiver, which may lead to local privlidge escalation from t...
CVE-2026-29124 Multiple SUID Root Binaries in `monitor` User Home Directory Leading to Potential Local Privilege Escalation
Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 in International Data Casting IDC SFX2100 Satellite Receiver, which may lead to local privlidge escalation from t...
CVE-2026-29124
The CVE-2026-29124 entry affects International Data Casting (IDC) SFX2100 Satellite Receiver. It reports multiple SUID root-owned binaries located under /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 that ma...
MiracleLinux 4 : openssh-5.3p1-122.AXS4 (AXSA:2017-1374:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1374:01 advisory. SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure...
MAL-2025-191391 Malicious code in command-irail (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e642a4e9c3c0f2a51f790c6cbc5aac4db1aeea9f3b7e2818441aaf072159ada9 The package command-irail was found to contain malicious code. Source: ghsa-malware d205be92bee9a5d776450361e21b39a2f5489d337a73198400e070452f2fc6e3...
Malicious code in posthog-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b422f278bf27e062b349e97360b6919e773122f21656f23d6da583ce7cb1a92 The package posthog-js was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191186 Malicious code in @alexcolls/nuxt-ux (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6d0dc43ee3b9d8d19d3d6a710804c3ea65f07046818a98a58990901d8f88d77 The package @alexcolls/nuxt-ux was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191425 Malicious code in silgi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1bab0537c840944fd6fac261deaaca0e3581745c3412d28b7ae3f0f014361c70 The package silgi was found to contain malicious code. Source: ghsa-malware 93a7af2f566e0384a306202ff261bb7cdc496fb32e582afda5808432c3ca4935 Any...
MAL-2025-191345 Malicious code in @voiceflow/eslint-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4db5527f8a6098b9553e656b50ee1e0fcae45b163917de83299e9e5200ff96f The package @voiceflow/eslint-config was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191395 Malicious code in eslint-config-kinvey-flex-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2a9878339c2f4bb9dd2871f516aa58a93438018366470f0a023f02178420971 The package eslint-config-kinvey-flex-service was found to contain malicious code. Source: ghsa-malware...
Malicious code in ra-auth-firebase (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ddebb70a73861543e5a68b94eb70a9b3e2fa3726a977ef776f8ef3fc75f0e76 The package ra-auth-firebase was found to contain malicious code. Source: ghsa-malware d4c20e629d2ccf83a4cc1a771392c0f879de71df77471d5e822fc511e415cb...
Malicious code in @browserbasehq/bb9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc1cd2b73fffb169a779067cb1753b525b3f8112141a253d64a4fb91cb0d4742 The package @browserbasehq/bb9 was found to contain malicious code. Source: ghsa-malware...