
222285 matches found

EUVD
added 2025/11/17 5:48 p.m., 4 views

EUVD-2025-197844

Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to unsafe interaction between sudo rules and file system permissions. The web server account is granted passwordless sudo access to certain maintenance scripts while also being a member of a group that...

CVSS 8.5, AI score 7.5, EPSS 0.00284
Exploits: 0, References: 4

Cvelist
added 2025/11/17 5:48 p.m., 9 views

CVE-2025-34323 Nagios Log Server < 2026R1.0.1 Local Privilege Escalation via Writable Scripts and Sudo Rules

Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to...

CVSS 8.5, EPSS 0.00284
Exploits: 0, References: 4

CVE
added 2025/11/17 5:48 p.m., 26 views

CVE-2025-34323

Nagios Log Server is vulnerable in versions prior to 2026R1.0.1 due to an unsafe interaction between passwordless sudo rules and group-writable script directories. The www-data user is in the nagios group, which has write access to /usr/local/nagioslogserver/scripts, while scripts in that directo...

CVSS 8.5, AI score 7.6, EPSS 0.00284
Exploits: 0, References: 4, Affected Software: 1

Fedora
added 2025/11/17 2:59 a.m., 14 views

[SECURITY] Fedora 42 Update: python-pdfminer-20240706-4.fc42

Pdfminer.six is a community maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the source code of the PDF. It can also be used to get the exact...

CVSS 8.6, AI score 6.4, EPSS 0.00275
Exploits: 1

Positive Technologies
added 2025/11/17 12:00 a.m., 4 views

PT-2025-47192

Name of the Vulnerable Software and Affected Versions: Nagios Log Server versions prior to 2026R1.0.1. Description: Nagios Log Server versions prior to 2026R1.0.1 have a local privilege escalation issue. This is due to an unsafe interaction between sudo rules and file system permissions. The web...

CVSS 8.5, AI score 7.7, EPSS 0.00284
Exploits: 0, References: 8

Positive Technologies
added 2025/11/17 12:00 a.m., 3 views

PT-2025-47180

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: The software is susceptible to a cross-site scripting issue due to improper input neutralization during web page generation. This allows for the injection of malicious scripts into web pages...

CVSS 4.8, AI score 6.2, EPSS 0.00149
Exploits: 0, References: 4

OSV
added 2025/11/14 8:33 p.m., 12 views

GHSA-G2J9-G8R5-RG82 PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal

Summary: An unauthenticated Local File Inclusion exists in the template-switching feature: if templateselection is enabled in the configuration, the server trusts the template cookie and includes the referenced PHP file. An attacker can read sensitive data or, if they manage to drop a PHP file...

CVSS 5.8, AI score 8.1, EPSS 0.00427
Exploits: 0, References: 4

RedhatCVE
added 2025/11/14 9:09 a.m., 11 views

CVE-2025-8397

The Save as PDF Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's restpackpdfbutton shortcode in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, AI score 5, EPSS 0.00199
Exploits: 0, References: 1

CNVD
added 2025/11/14 12:00 a.m., 1 view

Rockwell Automation Studio 5000 Simulation Interface Code Execution Vulnerability

Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. A code execution vulnerability exists in Rockwell Automation Studio 5000 Simulation Interface, which can be exploited by an attacker to cause scripts to be executed with administrator...

CVSS 8.9, AI score 6.3, EPSS 0.00126
Exploits: 0, References: 1

Positive Technologies
added 2025/11/14 12:00 a.m., 3 views

PT-2025-46942

Name of the Vulnerable Software and Affected Versions: Creta Testimonial Showcase WordPress plugin versions prior to 1.2.4. Description: The Creta Testimonial Showcase WordPress plugin is susceptible to a Local File Inclusion issue. Attackers with editor-level access or higher can include and execut...

CVSS 7.2, AI score 7.2, EPSS 0.0042
Exploits: 0, References: 7

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in mutation-local-archaeoastronomy-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98ab62bb148c77dd2d5c67896079fcfd49954b6069a61c7291227b75beb98678 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in abiogenesis-proxima-astro-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d17178550a24192e99f40c2a9a3ba7bbd1e503c96df3ba401baff83d82ccdc48 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 5 views

Malicious code in tardigrade-mini-css-extract-plugin-nightwatch-blueshift (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eccd2dbe37050ec44770db072262af063d90c8cbb1f901cc4ab7337d91745c94 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 3 views

Malicious code in astrophysics-extremophile-library-bulma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf10cbf40031ebfaa532db3444c9428c5e03586a9488e2adf2fbc812a3d7f4bd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in serialize-bash-authenticate-execute-cloud (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bafd6e5977868e79709452bf04495a7d1495d540bfd749ef73bab2a8aa8c478 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 3 views

Malicious code in astrobiology-brane-cosmicsilence-superflare (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d71b6b4fd8ed016d865ecd9f0470d10e9a4a33aa1bea3e56dab915fe159f08a5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in abstract-interface-stub-delta-cloud (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bea2e8001fba4e0c06b3e79d1b45abbcd43329f409b01df4ddc089f09b4e4d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 5 views

Malicious code in spectroscopy-dotenv-cassini-sedimentology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0877ae9987490da3e59673ad1d155843077b9fb9419c1942c74445d2543962a3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in eventhoriz-event-planckscale-sirius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a969531dc342a3106319fd93ac645317db9acde1778df1db5647cfd186fda89 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in fermiparadox-redshift-rollup-plugin-phoebe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfbf33468d1a669d9d3768f32cc08b7d8834db618abdd21c594206c8359a7542 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0