17310 matches found
MINI-PG22-R99W-6HGQ
Bulletin has no description...
CVE-2025-52365
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system. The vulnerability arises from improper input handling where command-line arguments are directly...
SUSE CVE-2026-25120
Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by supplying arbitrary comment...
SUSE CVE-2026-25140
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...
SUSE CVE-2026-25229
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access control vulnerability which allows authenticated users with write access to any repository to modify labels belonging to other repositories. The UpdateLabel function in the Web UI...
PT-2026-22907
Name of the Vulnerable Software and Affected Versions Hallo Welt! GmbH BlueSpice versions 5.1 through 5.1.5 Hallo Welt! GmbH BlueSpice versions 5.2 through 5.2.0 Description An issue exists in the Extension:NSFileRepo modules of BlueSpice that allows access to functionality not properly constrain...
Malicious code in risk-utilities (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 22f9a9b921e53b4755c41241969fcc8b410b09f29a63ed9c23c5a19c966b4946 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...
MAL-2026-1223 Malicious code in risk-utilities (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 22f9a9b921e53b4755c41241969fcc8b410b09f29a63ed9c23c5a19c966b4946 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...
Malicious code in optimal-spark-config (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a1c1bf78d6e3b593fd29329b4175a48c645abf4b4b63e93db68f25221329d14c During installation, the package starts obfuscated code that attempts to exfiltrate some basic information using DNS requests and then likely cover tracks by...
MAL-2026-1222 Malicious code in optimal-spark-config (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a1c1bf78d6e3b593fd29329b4175a48c645abf4b4b63e93db68f25221329d14c During installation, the package starts obfuscated code that attempts to exfiltrate some basic information using DNS requests and then likely cover tracks by...
MAL-2026-1225 Malicious code in urllib-slim (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 acbcedbcc1d5bafffbb66128eae99b1fdc6c8e62b65bedd8f62ee2790919d972 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...
Malicious code in urllib-slim (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 acbcedbcc1d5bafffbb66128eae99b1fdc6c8e62b65bedd8f62ee2790919d972 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...
Malicious Package
Overview fps-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
CVE-2025-52365
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system. The vulnerability arises from improper input handling where command-line arguments are directly...
PT-2026-26005
Summary OpenClaw’s Feishu media download flow used untrusted Feishu media keys imageKey / fileKey when building temporary file paths in extensions/feishu/src/media.ts. Because those keys were interpolated directly into temp-file paths, traversal segments could escape the temp directory and redire...
CVE-2025-52365
The CVE-2025-52365 entry concerns a command injection in the szc script of the ccurtsinger/stabilizer repo. The issue stems from improper input handling where command-line arguments are directly concatenated into shell commands via os.system(), enabling remote command execution. Public references...
CVE-2025-52365
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system. The vulnerability arises from improper input handling where command-line arguments are directly...
CVE-2025-52365
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system. The vulnerability arises from improper input handling where command-line arguments are directly...
Directory Traversal
mcp-server-git is vulnerable to Directory Traversal. The vulnerability is due to the gitinit tool accepting arbitrary filesystem paths and creating Git repositories without validating the target location, where an attacker can exploit this to create repositories at arbitrary locations, and...
Ubuntu: Security Advisory (USN-5376-4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...