1623 matches found
MAL-2026-5726 Malicious code in ecto_module (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e66c690abd94ee498cd359eb076451c0f6ea3956d8221616bbf8990d35a38c5 On npm install, the package's preinstall hook node index.js reads /flag.txt falling back to execSync'cat /flag' and transmits the captured contents i...
PT-2026-49084
Name of the Vulnerable Software and Affected Versions Page Builder: Pagelayer versions prior to 2.1.0 Description Incorrect Authorization exists in the Page Builder: Pagelayer plugin. The pagelayer save content AJAX handler allows users with basic post-edit capabilities to persist pagelayer conta...
CVE-2026-46717
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user roles: RoleAdmin Role==0 and RoleMember Role==1. The notification routes POST /api/v1/notification and PATCH...
Malicious code in ect-654321 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec784a9a1926de8d2c18de41c996e69e10f7001bf9fdc7604edc22d5775b4540 ect-654321 contains only a package.json with a preinstall lifecycle hook that unconditionally executes wget...
EUVD-2026-36576
ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, when prettyUrls: true is enabled on @apostrophecms/file a documented SEO feature for serving uploaded files at clean URLs, the public pretty-URL handler builds the upstream URL using the raw...
EUVD-2026-32605
Budibase: Unvalidated VectorDB Host Parameter Enables SSRF...
Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection
Summary The OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts line 59 uses raw fetchconfig.url with no SSRF protection. The safe wrapper fetchWithBlacklist exists in the same codebase and is used in every other outbound HTTP call automation steps, plugin downloads,...
EUVD-2026-32594
Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step...
GHSA-6964-PP88-6WP9 Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step
Summary The executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to target internal infrastructure, this creates a server-side...
SwiftNIO: CRLF Injection in outbound HTTP request URI via NIOHTTPRequestHeadersValidator
Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...
GHSA-CQ87-8R7H-962V SwiftNIO: CRLF Injection in outbound HTTP request URI via NIOHTTPRequestHeadersValidator
Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...
CVE-2026-47139 vm2: NodeVM network builtin exclusions bypass via internal _http_client and _http_server
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to http, https, http2, net, dgram, tls, dns, and dns/promises is blocked. However, Node.js also exposes...
CVE-2026-49214
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. A vulnerable flow is: First, an application accepts a user-controlled URL. Second, the URL is used to...
CVE-2026-40999
When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to. Affect...
MAL-2026-5609 Malicious code in clean-my-pc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8139d8347bc83b12e276e481509aaca6af69adff21f7df1658a6eeadd31562f6 The package's collect.js imports childprocess, fs, http, https, and os, gathers host identifiers via os.hostname and os.homedir, reads files from the...
CVE-2026-40999 Spring WS SSRF via unvalidated WS-Addressing reply destinations
When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to. Affect...
CVE-2026-40999
CVE-2026-40999 affects Spring Web Services (versions across 3.1.0–3.1.8, 4.0.0–4.0.18, 4.1.0–4.1.3, 5.0.0–5.0.1). When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS can initiate outbound connections via configured WebServiceMessageSender instances to destination...
CVE-2026-40999 Spring WS SSRF via unvalidated WS-Addressing reply destinations
When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to. Affect...
EUVD-2026-36209
When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to. Affect...
Malicious code in @monitoring-lib/error-tracking (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 491603ad44ed812c3d248696b00f7d4801a4c1dc23e4f23a3bb86f2ef499616d On npm install, the preinstall lifecycle hook in package.json runs a Node one-liner that reads the installer's hostname os.hostname and username...