MAL-2026-4510 Malicious code in cerebrum-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0ac38481a69f23f9170b098fcd48cd72b82edb969bdd44eb3aa5cc377a13a0d On npm install, the package's postinstall hook runs setup.js, which decodes an embedded base64 string into a tar.gz file at ../../../tempbundle.tar.g...

Malicious code in n8n-nodes-pentest-rce (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a813bc4a209e75b50151451de1c2a3c4a7e916b181b314416eafc43492b4eb5 On npm install, the package's postinstall script runs a shell pipeline that reads the Kubernetes service-account token from...

MAL-2026-4617 Malicious code in n8n-nodes-pentest-rce (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a813bc4a209e75b50151451de1c2a3c4a7e916b181b314416eafc43492b4eb5 On npm install, the package's postinstall script runs a shell pipeline that reads the Kubernetes service-account token from...

MAL-2026-4479 Malicious code in anthropic-shared-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e54ef50a83e2f379965286ed404d16ca3389a9ce5c8593718ef4e6f307cc6084 This package impersonates Anthropic's internal namespace and self-describes as 'Full RCE PoC - Alex Birsan Style'. Its package.json declares a...

Netatalk 缓冲区错误漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.4 to 4.4.2 of Netatalk contain a buffer error vulnerability. This vulnerability stems from the lack of output length...

Netatalk 安全漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.4 to 4.4.2 of Netatalk contain security vulnerabilities. These vulnerabilities stem from a confusion between UCS-2 typ...

Honeywell Control Network Module 安全漏洞

The Honeywell Control Network Module is a network communication control module developed by the American company Honeywell, aimed at industrial automation and process control systems. The Honeywell Control Network Module has a security vulnerability, which stems from command injection in the web...

📄 Cockpit 359 Remote Code Execution

Cockpit versions 357 through 359 suffer from a remote code execution vulnerability. Exploit Title: Cockpit 359 - RCE Date: 18-04-2026 Exploit Author: @intx0x80 Vendor Homepage: https://cockpit-project.org/ Software Link: https://github.com/cockpit-project/cockpit Version: 327-359 Tested on: Debai...

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have a security vulnerability. This vulnerability arises from failing to clean up the path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field...

PT-2026-42662

Name of the Vulnerable Software and Affected Versions LMDeploy versions 0.12.3 and earlier Description LMDeploy is a toolkit for compressing, deploying, and serving large language models. The software hardcodes trust remote code=True in multiple HuggingFace model-loading call sites, specifically...

PT-2026-42396

Name of the Vulnerable Software and Affected Versions Avada Builder fusion-builder versions prior to 3.15.3 Description The Avada Builder plugin for WordPress allows unauthenticated remote code execution through PHP Function Injection. The issue occurs because the wp conditional tags case within...

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier had a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of validation of CSRF tokens, which could allow attackers to overwrite PHP files...

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier had a cross-site request forgeing vulnerability. This vulnerability stemmed from a CSRF vulnerability in the installpackage method, which could allow attackers to force t...

PT-2026-42401

Name of the Vulnerable Software and Affected Versions FreeBSD affected versions not specified Description The ptracePT SC REMOTE function failed to properly validate parameters for the syscall2 and syscall2 meta-system calls. This allows a user with debugging capabilities to trigger arbitrary cod...

PT-2026-42440

Honeywell Control Network Module CNM contains command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in Remote Code Execution RCE...

Netatalk 缓冲区错误漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.4 to 4.4.2 of Netatalk contain a buffer error vulnerability. This vulnerability stems from improper termination of emp...

Concrete CMS 代码问题漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have code vulnerabilities. These vulnerabilities stem from insecure deserialization in the ExpressEntryList block controller. This could allow malicious administrators wi...

Netatalk 安全漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.0 to 4.4.2 of Netatalk contain security vulnerabilities. These vulnerabilities stem from a heap buffer overflow in the...

Gmission Web Fax 输入验证错误漏洞

Gmission Web Fax is a network fax management system developed by the South Korean company Gmission. In versions 3.0 to 3.1 of Gmission Web Fax, there was a vulnerability related to input validation errors. This vulnerability stemmed from improper input validation and unrestricted uploading of...

PT-2026-42535

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description Concrete CMS fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field during the process of saving page type composer form layouts. An authenticated...