29 matches found
Malicious code in clavuepro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97a9e3cf794eb2bc8d9ebb4bab007a52bf9fc1ed9dbc3db19695542503ec253e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in leo-connector-mongo (npm)
The leo-connector-mongo npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...
Malicious code in leo-cdk-lib (npm)
The leo-cdk-lib npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
CVE-2026-24467 OpenAEV's Improper Password Reset Token Management Leads to Unauthenticated Account Takeover and Platform Compromise
OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains multiple security weaknesses that together allow reliable...
Cross-site Scripting (XSS)
Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized input in the Social Media Management configuration fields. An attacker can execute arbitrary JavaScript in the browser context of ...
CVE-2026-34561 CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Social Media Management. Multiple...
CVE-2026-27599 CI4MS: System Settings (Mail Settings) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Mail Settings. Several configuration...
CVE-2026-27599
CI4MS (CodeIgniter 4-based CMS skeleton) is affected by a stored DOM XSS in System Settings – Mail Settings. Prior to version 0.31.0.0, fields such as Mail Server, Mail Port, Email Address, Email Password, Mail Protocol and TLS settings accept attacker-controlled input that is stored server-side ...
EUVD-2026-17199
ci4-cms-erp/ci4ms: System Settings Mail Settings Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS...
osctrl 跨站脚本漏洞
OsCtrl is an open-source management software for OsQuery by JMP Security. Versions of OsCtrl prior to 0.5.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the osctrl-admin feature, which queries lists on demand, allowing for stored cross-site scripting. This could...
CVE-2026-22240
The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable users API to retrieve the...
CVE-2026-22236 Improper Authentication Vulnerability in BLUVOYIX
The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the...
CVE-2026-22236 Improper Authentication Vulnerability in BLUVOYIX
The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the...
CVE-2026-22236
The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the...
CVE-2026-22236
Technical details about CVE-2026-22236 are not publicly available in the provided documents. The descriptions summarize improper backend API authentication but do not specify affected components, versions, impact specifics, or fixes. Monitor for updates from vendors and security feeds.
Bluspark BLUVOYIX 安全漏洞
Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. Bluspark BLUVOYIX suffers from a security vulnerability that stems from improper back-end API authentication, which could lead to an attacker gaining full access to customer data and completely compromisi...
Bluspark BLUVOYIX 安全漏洞
Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. A security vulnerability exists in Bluspark BLUVOYIX that stems from the exposure of sensitive internal API documentation, which could lead to an attacker abusing internal functionality to compromise the...
PT-2026-2906
The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable users API to retrieve the...
PT-2026-2859
The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the...
EUVD-2020-21055
Malware in sbrugna...