1243 matches found
CVE-2026-27181 MajorDoMo Unauthenticated Module Uninstall via Market Endpoint
MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr'mode' from $REQUEST and assigns it to $this-mode at the start of execution, making all mode-gated code paths reachable without...
CVE-2026-27181
MajorDoMo is affected by an unauthenticated module-uninstall vulnerability via the market endpoint. The market/admin flow reads gr('mode') from $_REQUEST and sets $this->mode before authentication, making all mode-gated paths reachable through /objects/?module=market. The uninstall handler cal...
PT-2026-20517
MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr'mode' from $ REQUEST and assigns it to $this-mode at the start of execution, making all mode-gated code paths reachable without...
MajorDoMo 安全漏洞
MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. There is a security vulnerability in MajorDoMo. This vulnerability stems from the admin method in the market module, which reads grmode from $REQUEST and assigns it to $this-mode. As a result, all...
GHSA-4F84-67CV-QRV3 A single post-release of dydx-v4-client contained obfuscated multi-stage loader
A PyPI user account compromised by an attacker and was able to upload a malicious version 1.1.5.post1 of the dydx-v4-client package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible...
A single post-release of dydx-v4-client contained obfuscated multi-stage loader
A PyPI user account compromised by an attacker and was able to upload a malicious version 1.1.5.post1 of the dydx-v4-client package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible...
CVE-2025-36640 Local Privilege Escalation
A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges...
CVE-2025-36640 Local Privilege Escalation
A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges...
Tenable Nessus Agent Tray App 安全漏洞
Tenable Nessus Agent Tray App is a tray component from Tenable USA. A security vulnerability exists in Tenable Nessus Agent Tray App that stems from an installation/uninstallation issue on Windows hosts that could lead to elevated privileges...
CVE-2020-12703
UliCMS before 2020.2 has XSS during PackageController uninstall...
Smb4K 参数注入漏洞
Smb4K is a KDE open source online neighborhood browser. Smb4K suffers from a parameter injection vulnerability that stems from improper parameter delimiter neutralization, which could lead to a local user performing an arbitrary uninstall operation...
Veeam Agent for Microsoft Windows 13.0.1.120 to 13.0.1.1009 Upgrade Notes
Article Applicability This article documents notable deviations from the standard Veeam Agent for Microsoft Windows upgrade procedure that occur only when upgrading from Veeam Backup & Replication VBR 13.0.1 build 13.0.1.180 to 13.0.1 Patch 1 build 13.0.1.1071. This patch to VBR includes a new...
Malicious code in aiihttp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e98bbfaaccc91213e80bb0a09f5081a5701cf01629ac8b82370adbbbc42178b0 Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...
MAL-2026-35 Malicious code in aiihttp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e98bbfaaccc91213e80bb0a09f5081a5701cf01629ac8b82370adbbbc42178b0 Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...
MAL-2026-37 Malicious code in aoohttp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9d3438b2d065c0535b5ac80ce789201be4f8095642d0f10a20a7da13d46152f8 Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...
MAL-2026-38 Malicious code in auohttp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f4b76a407d91e23cb990d6ed08e3c0e81898f2b97d690db76b4e3b547fda5fab Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...
MAL-2026-36 Malicious code in aiohtto (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9338a4f3f167cf0ba279696ac9ae9bae26219391e2a87a805cc8bb92b4cddd6e Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an attempt to create an extended attribute block despite uninstallation, which could result in a null pointer...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unused device management snddevmcardnew function, which could result in a memory access error when a modu...
Linux Distros Unpatched Vulnerability : CVE-2023-54138
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/msm: fix NULL-deref on irq uninstall In case of early initialisation errors and on platforms that do not use the DPU controller, the deinitilisation code ca...