252303 matches found
Malicious code in chai-val (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 515e313c5420dfe9edcb88d61079fa80dbf3539da465572fde5ece42ba6ed748 The package masquerades as a pino-logger helper file structure, exports, and keywords are copied from pino but its main entry exports a middleware th...
MAL-2026-4515 Malicious code in chai-val (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 515e313c5420dfe9edcb88d61079fa80dbf3539da465572fde5ece42ba6ed748 The package masquerades as a pino-logger helper file structure, exports, and keywords are copied from pino but its main entry exports a middleware th...
CVE-2026-2740
This CVE affects Zohocorp ManageEngine ADSelfService Plus (before 6525), DataSecurity Plus (before 6264), and RecoveryManager Plus (before 6313). Root cause: a bug in a third‑party dependency leading to Authenticated Remote Code Execution on agent machines. Affected products expose a high impact ...
CVE-2026-2740 Remote Code Execution
Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...
CVE-2026-2740 Remote Code Execution
Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...
CVE-2026-2740
Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...
Security update for php8
This update for php8 fixes the following issues CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection bsc1264778. CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution bsc1264776...
SUSE-SU-2026:2037-1 Security update for php8
This update for php8 fixes the following issues - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection bsc1264778. - CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution bsc1264776. -...
WordPress Avada (Fusion) Builder plugin <= 3.15.2 - Unauthenticated Remote Code Execution vulnerability
Unauthenticated Remote Code Execution vulnerability discovered by ? in WordPress Plugin Fusion Builder versions = 3.15.2...
Exploit for CVE-2026-45829
🚨 CVE-2026-45829 - ChromaDB Pre-Auth RCE Critical Remote...
Exploit for CVE-2026-4885
CVE-2026-4885 Piotnet Addons for Elementor Pro Note: The...
Exploit for CVE-2026-5118
🔥 CVE-2026-5118 Divi Form Builder --- 🎯 Ring...
CVE-2026-45255 Remote code execution via installer Wi-Fi access point scans
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...
CVE-2026-45255 Remote code execution via installer Wi-Fi access point scans
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...
CVE-2026-45255
CVE-2026-45255 affects the BSD installer/config tooling (bsdinstall/bsdconfig). During Wi‑Fi network scans, code builds a list of network names and prompts the user with bsddialog(1). The shell script handling network names does not sanitize shell expansion, allowing a crafted SSID to execute com...
EUVD-2026-31263
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...
CVE-2026-5433
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Malicious code in http-uploader-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936024fb65d6ab06a1f01fcd765b534812efb873f076e81303d87c0b141bba2b package.json declares "preinstall": "bun run index.js", which on npm install invokes Bun to run index.js. index.js detects the host OS and shells out...
CVE-2026-5433
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-5433
...