183 matches found
firefox: thunderbird: Unhandled Exception in Add-on Signature Verification
The Mozilla Foundation's Security Advisory: The application can fail to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the...
CVE-2026-38429
OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...
CVE-2026-38429
OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...
CVE-2026-38429
OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...
CVE-2026-28673
xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the standard plugin system allows admins to upload a ZIP file containing a binary and a manifest.json. The server trusts the binaries field in the manifest and execute...
CVE-2026-28673
xiaoheiFS (self-hosted financial/operational system) versions ≤ 0.3.15 are vulnerable through the standard plugin system. An attacker can upload a ZIP containing a binary and a manifest.json; the server trusts the binaries field in the manifest and executes the specified file without validating i...
PT-2026-25970
xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the standard plugin system allows admins to upload a ZIP file containing a binary and a manifest.json. The server trusts the binaries field in the manifest and execute...
EUVD-2026-12085
JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection SSTI vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges...
MAL-2025-190150 Malicious code in view-omicron-unix-compress-authorize (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d86eb2e159a609113cfc2efc8435ff741a9e4a3d864ae507fe6a729dd0058b3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in itale-adci-ggryuyegfjbu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c49bb2df6a5269b255f6360543df1a830c0ad775c6f1398eddbd88b8a21ef42 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-184952 Malicious code in sonic-kas-fagiufagugafa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9a537d26a3f1602b0d32cd0629586d1858929097fd1dd03ca591b48867e6125 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in teate-thy-sonic-futfi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9069dc632d842e20a9ba5d0cd40085a754cfdc82ebf69f2427dc7e942ed583dd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-181154 Malicious code in teate-thy-sonic-zuluf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d198dc0693a9d57cb4fcf20d4c644a5a1a662b95d255e2d4fa7f74603234d2a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in teate-thy-py-kopna (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 350372ec686d2e9f3d5e3041efd1ae292241b88f94b8391dacabfd5194b3805d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-180993 Malicious code in teate-thy-sonic-tutato (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5037addecd0179ab192604db30cede8138b42b47a3391ce3403c48ca1f73e72 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nuilva-bavaim-macovo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05cc9559f6efdcbc4c48ca5c1433f4d5d1070185850de3a008165b4f8a19027c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in unimana-satgub-naiuanab (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5174efd6ecdaa186069b309f2af05c5bf6dd72df338d032de7ec1d2d38eddca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-173424 Malicious code in buta-fiona-infa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16f62002f395ff3aed799fcbdda1a49ca9a1dfb660fd3faed3e8c42d55b08a27 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in goodain-nusafaia-nuasafi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16aa6ae8a5a64c001441544f5edc0085a5a34c595b82f25b5661452a38b99f1a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in goodafin-nuiya-gifia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1279d7b7f18eba999c739ba9f3e9dbc33ff0006b8a10490d8bcb5dbca77acb8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...