9558 matches found
CVE-2026-8421 Concrete CMS 9.5.0 and below is vulnerable to CSRF on install_package() with conditional token bypass leading to RCE
Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the installpackage method of concrete/controllers/singlepage/dashboard/extend/install.php. An attacker who can cause an authenticated administrator to visit a crafted page, and who has placed or caused a package to be present under...
CVE-2026-8421
Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the installpackage method of concrete/controllers/singlepage/dashboard/extend/install.php. An attacker who can cause an authenticated administrator to visit a crafted page, and who has placed or caused a package to be present under...
CVE-2026-8421
Concrete CMS 9.5.0 and earlier versions include a CSRF vulnerability in the install_package() handler (concrete/controllers/single_page/dashboard/extend/install.php). An attacker who can induce an authenticated administrator to visit a crafted page and has placed or caused a package under DIR_PAC...
CVE-2026-8421 Concrete CMS 9.5.0 and below is vulnerable to CSRF on install_package() with conditional token bypass leading to RCE
Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the installpackage method of concrete/controllers/singlepage/dashboard/extend/install.php. An attacker who can cause an authenticated administrator to visit a crafted page, and who has placed or caused a package to be present under...
CVE-2026-8426
Concrete CMS 9.5.0 and earlier fails to validate a CSRF token for requests to /dashboard/extend/update/prepare_remote_upgrade/. An attacker who controls the remote package returned for a known marketplace item ID can overwrite the package PHP on disk and trigger the upgrade() method in a single b...
EUVD-2026-31337
Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepareremoteupgrade/. An attacker who controls the remote package returned for a known marketplace item ID can overwrite the package PHP on disk and force its upgrade method to...
CVE-2026-8140
Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/install/download/. The download method in concrete/controllers/singlepage/dashboard/extend/install.php checks only the canInstallPackages permission before fetching a remote marketplace...
CVE-2026-8140 Concrete CMS 9.5.0 and below is vulnerable to CSRF on download() in the package install controller
Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/install/download/. The download method in concrete/controllers/singlepage/dashboard/extend/install.php checks only the canInstallPackages permission before fetching a remote marketplace...
Malicious code in @ornexus/neocortex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb66a92e1a8c414ee0c8877998a9587b7c8a4be3b9b27b76d874329a87bec5dc On npm install -g @ornexus/neocortex, postinstall.js spawns install.sh or install.ps1 which, by default, runs an installcoderabbit step that fetches...
Malicious code in fnd-stores (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62c9035e303ec731c71c689ed77eed17b245cd4adc475cb616ff94991539aa56 On npm install, the package's postinstall hook runs node index.js, which collects the installer's hostname, OS platform, current working directory, C...
Malicious code in moneykit-cardano-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6186e5ec8b6cea4f1cec3b4284cf09f2e317dd7d745fb5f88e15b355497d08e package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identifiers and OS files —...
Malicious code in veteran-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2528c02db9bcb4016a3347fdfae55c037c0462d6c0d29adb4245605424ad31f On npm install, the postinstall hook node install.js downloads a platform-specific binary archive from a hardcoded...
MAL-2026-4704 Malicious code in veteran-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2528c02db9bcb4016a3347fdfae55c037c0462d6c0d29adb4245605424ad31f On npm install, the postinstall hook node install.js downloads a platform-specific binary archive from a hardcoded...
MAL-2026-4399 Malicious code in @kedem/okdb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfce9a94c70e54caff77645f380418abda1bb1a38ad9cda61f6fbeaa482e2fed The package's CLI entry point at bin/okdb.js is a heavily obfuscated single-line bundle hex-mangled symbols like 0x2a69e2/0x5d02f6 that constructs HT...
MAL-2026-4580 Malicious code in http-uploader-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936024fb65d6ab06a1f01fcd765b534812efb873f076e81303d87c0b141bba2b package.json declares "preinstall": "bun run index.js", which on npm install invokes Bun to run index.js. index.js detects the host OS and shells out...
MAL-2026-4458 Malicious code in @toni77777/aora (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8566221a9ab9a1cb01b0f23e2af4b140d2e97310701b8c9a8f4bed1481fb22b2 On npm install, scripts/postinstall.js fetches a platform-specific executable from https://github.com/yourusername/aora/releases/download/v0.1.0/,...
Malicious code in @toni77777/aora (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8566221a9ab9a1cb01b0f23e2af4b140d2e97310701b8c9a8f4bed1481fb22b2 On npm install, scripts/postinstall.js fetches a platform-specific executable from https://github.com/yourusername/aora/releases/download/v0.1.0/,...
Malicious code in auth0-templates-scripts-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed9a505fcbf6daef28b6625dcbde65ea1dd00b01c1a684debfdedfc7e5bc3643 Package name impersonates the Auth0 ecosystem. Its postinstall hook node index.js runs unconditionally on npm install and performs a multi-stage data...
Malicious code in sparkecoder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4e17b053b29d371301e49a703b1b6d2fba5631df4bf7b6926503a6b8bb82257 package.json declares a postinstall hook: "npm install -g agent-browser 2/dev/null || true; agent-browser install 2/dev/null || true". On npm install...
Malicious code in claw_messenger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b621afa50fe31026a12750b83eeb309366f95b07a9e0c5095d3e862f0007b70f The postinstall lifecycle script in dist/postinstall.js spawns two detached, hidden child processes during npm install. 1 spawn'npm', 'install', '-g'...