246 matches found
Malicious code in iwsdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66af3674e89512532e1448a9421b3318388094ff91bb2e8c32714670a7f5f2cc The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-10332 Malicious code in lowkeybored (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44a98aa46273662e37d16a9ce5fd2e003ae747c89301cbd03b1ba52bdbe81fca The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
CVE-2026-55477
3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...
CVE-2026-55477 Authenticated Arbitrary File Write via Database Import and Xray Log Path Manipulation
3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...
MAL-2026-6387 Malicious code in multer-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50b4df9cf15644bbea3ed944cbf168fdbad1619d0c3e10fff653b0d48c10bbb3 Package name 'multer-express' is similar to the widely used 'multer' middleware for Express. No malicious code patterns, install-time hooks, or...
CVE-2026-46552 NocoDB: Shared-base link access can invite arbitrary users as persistent base members
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email in...
CVE-2026-56276
Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated users to directly modify the credential field without validation. Attackers can bypass password change verification and session invalidation by supplying a crafted password has...
PT-2026-51151
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the 'PUT /api/v1/user' endpoint. This allows authenticated users to modify the credential field without proper validation. By providing a crafted password hash, an...
CVE-2026-55201
CVE-2026-55201 affects Evil-WinRM (up to version 3.9). A path traversal in download_dir() can cause the server to generate filenames with traversal sequences from Get-ChildItem output, which are passed unsanitized to File.join(), enabling writes outside the intended download directory. Attackers ...
Malicious code in @mastra/s3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69bd7442a33e88350e5a804e238625a967b16df137b4b1623cd6a0587d25dc21 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5881 Malicious code in obfus-jsxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06ceddcf57cd9b200dd1b25fa6f9179fdbf71eb420a9211eb81b762e21a07211 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
CVE-2026-44188 Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due to insufficient session expiration
A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...
EUVD-2026-36702
A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...
CVE-2026-44188
Affects Ansible Lightspeed (and Red Hat Ansible Automation Platform context) via insufficient session expiration that allows a valid OAuth token to remain usable after logout, enabling persistent access and unauthorized read of inventories, playbooks, and config data. The connected Red Hat adviso...
CVE-2026-44188
A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...
PT-2026-49189
A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...
CVE-2026-50101
Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credential remains valid indefinitely and cannot be reset or revoked by the legitimate owner, any party that obtains it through any exposure path can maintai...
CVE-2026-50101 Naxclow IoT Platform Not using password aging
Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credential remains valid indefinitely and cannot be reset or revoked by the legitimate owner, any party that obtains it through any exposure path can maintai...
CVE-2026-50101 Naxclow IoT Platform Not using password aging
Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credential remains valid indefinitely and cannot be reset or revoked by the legitimate owner, any party that obtains it through any exposure path can maintai...
CVE-2026-50101
CVE-2026-50101 affects Naxclow IoT Platform devices. The issue is a server-side, per-device relay credential that never rotates and is re-issued on every boot. Since the credential remains valid indefinitely and cannot be reset or revoked by the legitimate owner, an adversary who gains it can mai...