uniget is Vulnerable to Command Injection in tool.Check Leading to Arbitrary Code Execution
I discovered a command injection vulnerability in uniget that allows arbitrary command execution through the metadata loading and version check mechanism. Summary A command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c...
CVE-2026-29080 Rucio SQL Injection in FilterEngine Oracle JSON Path via DID Search API
A SQL injection vulnerability in FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. On Oracle deployments attacker-controlled filter keys and values are interpolated directl...
Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API
Summary A SQL injection vulnerability in the Oracle path of FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. Attacker-controlled filter keys and values are interpolated...
CVE-2026-35602
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By...
Vikunja security vulnerability
Vikunja is an open-source to-do application developed by the Vikunja project. Versions of Vikunja prior to 2.3.0 contained a security vulnerability: the file import endpoint used the Size field from the JSON metadata for its size check rather than the actual...
CVE-2026-23991 go-tuf affected by client DoS via malformed server response
go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors returns invalid TUF metadata JSON (valid JSON but not well-formed TUF metadata), the client will panic during parsing, causing a denial of...
CVE-2026-21900
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, an out-of-bounds heap read vulnerability in...
PT-2026-2130
Name of the Vulnerable Software and Affected Versions: CryptoLib versions prior to 1.4.3. Description: CryptoLib is a software solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft and a ground station. An...
MAL-2025-177420 Malicious code in poglymer-ogmimh-vgpag (npm)
Source: amazon-inspector 18cbe4620f65cbe6f1e405bb8bfd550b3f226ae84551bfa3dc0342bf32dcf291. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lutfi-lapis98-breki (npm)
Source: amazon-inspector 0b21572452355987815f25a98ac21f04fc49c1eac8f7b3060ec93a0734677ca3. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-107986 Malicious code in retail_lark_dumbs (npm)
Source: amazon-inspector f778fc96ea8f89ecd842c0da846d74403d6a77e3476be21a70de35595681add8. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mulyono-soto34-miaww (npm)
Source: amazon-inspector 1a4ca78b7cab75b5ce9023a536a2fae5476ac64e24d9b26bee3dc6fdb1cb4212. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-81927 Malicious code in uncertain_caterpillar_z3n (npm)
Source: amazon-inspector 3e06746cc6a32a3a585101698f1d35cf86750653e432675078d7affed963e8f1. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in willowy-tomato-mink (npm)
Source: amazon-inspector f0bb06bb54e19101d21d06f89b5b4e447484f3a74c39ef7c11ce6033ca1caaf2. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in plain-amber-horse (npm)
Source: amazon-inspector b871cf67ec2c5bc45b9d63602092fbdf443082c0888bddc31a40dd23c3272527. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...