2293 matches found
Malicious Package
Overview time-server-test is a malicious package. This package contains malicious code intended to exfiltrate data, and its contents have been removed from the official package manager. Although it appears to be a time-related utility, its main function is to collect system information and send i...
Malicious Package
Overview time-server-analyzer is a malicious package. This package contains malicious code intended to exfiltrate data, and its contents have been removed from the official package manager. Although it appears to be a time-related utility, its main function is to collect system information and se...
CVE-2025-9414
A vulnerability was found in kalcaddle kodbox 1.61. Affected by this vulnerability is an unknown functionality of the file /?explorer/upload/serverDownload of the component Download from Link Handler. Performing manipulation of the argument url results in server-side request forgery. Remote...
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty bundled with WebSphere Remote Server affected denial of service due to Apache Commons FileUpload (CVE-2025-48976)
Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server and WebSphere Application Server Liberty has been published in a security bulletin...
ROS-20250822-21
A vulnerability in the PHP programming language interpreter is related to insufficient null byte checking in the implementation of the fsockopen function when handling hostnames. Exploitation of the vulnerability could allow an attacker acting remotely to perform SSRF attacks. A vulnerability in t...
Security Bulletin: IBM WebSphere Application Server which is bundled with WebSphere Remote Server, could provide weaker than expected security (CVE-2025-33142)
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM HTTP Server, which is bundled with WebSphere Remote Server, is affected by a security bypass vulnerability (CVE-2025-54090)
Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
StarDict Security Vulnerability
StarDict is a desktop dictionary application from the open-source StarDict project. A security vulnerability exists in StarDict version 3.0.7+git20220909+dfsg-6, which stems from the YouDao plugin sending X11 selections to a remote server via plaintext HTTP...
Swagger UI 1.0.3 - Cross-Site Scripting (XSS)
/ Author : Byte Reaper Telegram : @ByteReaper0 CVE : CVE-2025-8191 Title : Swagger UI 1.0.3 - Cross-Site Scripting XSS Description : CVE-2025-8191, a vulnerability in the Swagger UI service due to poor description parameter filtering, leading to command execution on a remote server. / include...
git: Git arbitrary file writes
A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles,...
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with WebSphere Remote Server, are affected by a security bypass vulnerability (CVE-2024-56339)
Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server and WebSphere Application Server Liberty has been published in a security bulletin...
Security Bulletin: IBM HTTP Server, which is bundled with WebSphere Remote Server, is affected by multiple vulnerabilities due to the included Apache HTTP Server
Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
git: Git arbitrary file writes
A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles,...
Security Bulletin: IBM WebSphere Application Server, which is bundled with WebSphere Remote Server, is affected by an arbitrary code execution vulnerability (CVE-2025-36038)
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
The vulnerability of the graphical SFTP and SCP client for the Windows operating system, WinSCP, arises from incorrect path name restrictions for access-controlled directories. This allows attackers to create a special file and control its path on a remote server.
The vulnerability of the graphical SFTP and SCP client programs for the Windows operating system is related to incorrect path name restrictions for access to restricted directories. Exploiting this vulnerability allows an attacker to create a special file and control its path on a remote server...
UBUNTU-CVE-2025-48385
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to...
CVE-2025-42978
The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certificate of remote TLS server. This might lead to the outbound...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...
Malicious code in readium-shared-js (npm)
Malicious preinstall script exfiltrates system info hostname, user, pwd, id to a remote server. Likely a malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c907ca12944ad675a60dbfd27a1680a1b2ebf1186512d0106676795741a558a Any computer that has this package...