2291 matches found
EUVD-2026-19190
A vulnerability was determined in assafelovic gpt-researcher up to 3.4.3. Affected is an unknown function of the component ws Endpoint. Executing a manipulation of the argument sourceurls can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-5623
A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown part of the file server/front/src/index.ts of the component Import Endpoint. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit is publicly availabl...
AVideo: Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.php
Summary The plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesystem paths, remote server URLs, and SSH connection metadata. Details...
PT-2026-30336
Name of the Vulnerable Software and Affected Versions AVideo versions 26.0 and prior Description The plugin/CloneSite/client.log.php endpoint serves the clone operation log file without authentication. Other endpoints in the CloneSite plugin directory enforce User::isAdmin. The log contains...
MAL-2026-2477 Malicious code in strapi-plugin-nordica-stage (npm)
strapi-plugin-nordica-stage is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...
Malicious code in strapi-plugin-api (npm)
strapi-plugin-api is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. It...
HTTPS Fetch, Reverse Ordinal TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/patchupmeterpreter/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show options...
EUVD-2026-17166
A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function filegetcontents. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used...
CVE-2026-4907
A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack is...
GO-2026-4841 NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead in github.com/nats-io/nats-server
NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead in github.com/nats-io/nats-server...
CVE-2026-3966
A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/media/abl/ABLMediaNodeServerService.java of the component IP Address Handler. The manipulation of the...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, are bundled with WebSphere Remote Server, are affected by a denial of service due to jose4j (CVE-2024-29371)
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server and IBM WebSphere Application Server Liberty has been published in a security...
Malicious code in thisismytest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a1c269bbb834081025da993697e3e2e44db4a97e16e21f4c792ed85391772fa9 During installation, the package downloads and runs a remote executable, which is identified as a backdoor. It connects with a remote server and executes basic...
MAL-2026-2017 Malicious code in thisismytest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a1c269bbb834081025da993697e3e2e44db4a97e16e21f4c792ed85391772fa9 During installation, the package downloads and runs a remote executable, which is identified as a backdoor. It connects with a remote server and executes basic...
MAL-2026-1486 Malicious code in trello-enterprises (npm)
The package is malicious due to a postinstall script executing a file that exfiltrates sensitive information to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a327d3918cfde33c4405296d7b5e2644bf1435d6532be30af21d41135d529ef The package...
CVE-2026-4231 vanna-ai vanna Endpoint __init__.py run_sql server-side request forgery
A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function updatesql/runsql of the file src/vanna/legacy/flask/init.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack may be initiated remotely. Th...
Malicious code in @immuta/flag-providers-web (npm)
Malicious package due to data exfiltration, command execution, and suspicious install scripts. Gathers system info and sends it to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 041967637fd096ee4ba0091769b628c2c7da4bd4a60f38a6b4e3ba5cea9cf788 T...
MAL-2026-1382 Malicious code in @immuta/flag-providers-web (npm)
Malicious package due to data exfiltration, command execution, and suspicious install scripts. Gathers system info and sends it to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 041967637fd096ee4ba0091769b628c2c7da4bd4a60f38a6b4e3ba5cea9cf788 T...
Malicious code in tachyon-spade-reporter (npm)
The package exfiltrates system data to remote server --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80ad134ce018cc5d3d53f7bcb89de68046aacd2438d13bd6fb93875be5380223 The package tachyon-spade-reporter was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1386 Malicious code in tachyon-spade-reporter (npm)
The package exfiltrates system data to remote server --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80ad134ce018cc5d3d53f7bcb89de68046aacd2438d13bd6fb93875be5380223 The package tachyon-spade-reporter was found to contain malicious code. Source: ghsa-malware...