2408 matches found
ZimaOS <= v1.2.4 - Sensitive Information Disclosure
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as http:///v1/users/image?path=/var/lib/casaos/1/apporder.json and http:///v1/users/image?path=/var/lib/casaos/1/system.json,...
Malicious code in nodepack-daemon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b976e6ab638a52663d25f360bffec6706dc82991ad27c552788a5a4d785ff89f The package presents itself as the popular pino logger README badges, file layout mirroring pino's lib/proto.js, lib/redaction.js, lib/transport.js,...
MAL-2026-6746 Malicious code in typescript-util-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f5a6bd9cf4dfc55c5c01859852cf26435e42d4b846384d08b80b7d609b27ad1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @cxp-shared/string-utilities (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d2cd735ed6a2711ca0dfcb8cb4fee948afe5e923d6b56743b3fd7ee922bd8d14 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-6673
Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the...
EUVD-2026-38249
Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the...
CVE-2026-6673 Mattermost Jira plugin had unauthenticated {{/ac/installed}} lifecycle callback during pending Jira Cloud install
Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the...
[SECURITY] Fedora 43 Update: kubernetes1.33-1.33.13-1.fc43
Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...
Important: Red Hat Security Advisory: General availability of the satellite/iop-host-inventory-rhel9 container image
A new satellite/iop-host-inventory-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services,...
MAL-2026-5587 Malicious code in 0x2ai-demo1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fdc7c661d4867578d3dd920010bccc1e79fcae8753b5bf549f44ea8a45cde502 On npm install, scripts/postinstall.cjs runs fs.cpSyncpayload, cwd, recursive: true with cwd=process.env.INITCWD || process.cwd — recursively writing...
MAL-2026-5538 Malicious code in hex-type (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7d0271fe97ea66e9ff2ba3a0ea225364324f28138af32c337d6ed8b2b99e5ad Package metadata description "A universally-unique, lexicographically-sortable, identifier generator", homepage github.com/ulid/javascript, build...
CVE-2026-27648
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...
CVE-2026-24792
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...
EUVD-2026-34497
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. Chromium security severity: Medium...
DEBIAN-CVE-2026-11308
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2026-11026
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...
Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.15.0 release.
Red Hat Web Terminal Operator 1.15.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...
Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.14.0 release.
Red Hat Web Terminal Operator 1.14.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...
SUSE CVE-2022-32223
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine: OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf”...
Astra Linux – Vulnerability in libxstream-java
XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream, if the library is used in versions outside the box with...