2142 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
EUVD-2025-198870
Malicious code in @ensdomains/name-wrapper npm...
Malicious code in @ensdomains/name-wrapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cfefd8b0b2d182a283e0934b365d98833a12639552eab96ebe6b69572c15c0d The package @ensdomains/name-wrapper was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190807 Malicious code in @ensdomains/name-wrapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cfefd8b0b2d182a283e0934b365d98833a12639552eab96ebe6b69572c15c0d The package @ensdomains/name-wrapper was found to contain malicious code. Source: ghsa-malware...
CVE-2025-64182
A memory-safety vulnerability has been identified in the Python bindings of OpenEXR, where improper checks on image channels and attribute stealing operations may result in buffer overflow when processing crafted EXR files or Python objects. An attacker supplying a malicious EXR file or crafted...
GO-2025-4119 AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance in github.com/aws/aws-advanced-go-wrapper/awssql
AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance in github.com/aws/aws-advanced-go-wrapper/awssql...
EUVD-2025-180214
AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance...
Uncontrolled Search Path Element
Overview software.amazon.jdbc:aws-advanced-jdbc-wrapper is an Amazon Web Services AWS Advanced JDBC Wrapper Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unqualified SQL function and operator references in the database dialect components. An attacker...
GHSA-8WJ8-CFXR-9374 AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance
Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS...
Uncontrolled Search Path Element
Overview awsadvancedpythonwrapper is an Amazon Web Services AWS Advanced Python Driver Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unqualified SQL function and operator references in the database dialect components. An attacker can execute malicious...
AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance
Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS...
Uncontrolled Search Path Element
Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unqualified SQL function and operator references in the database dialect components. An attacker can execute malicious code with elevated privileges by creating crafted functions with names that...
Uncontrolled Search Path Element
Overview aws-advanced-nodejs-wrapper is a Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unqualified SQL function and operator references in the database dialect components. An attacker can execute malicious code with elevated privileges by creating...
GHSA-7WQ2-32H4-9HC9 AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance
Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS...
EUVD-2025-180216
AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance...
AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance
Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS...
EUVD-2025-180218
Amazon Web Services Advanced JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance...
ch.admin.bit.jeap:jeap-archrepo-docgen (>=2.10.0 <=3.1.1), ch.admin.bit.jeap:jeap-archrepo-importer-openapi (>=1.10.0 <=3.1.1) +8 more potentially affected by CVE-2025-12967 via software.amazon.jdbc:aws-advanced-jdbc-wrapper (>=2.3.7 <=2.5.6)
software.amazon.jdbc:aws-advanced-jdbc-wrapper MAVEN version =2.3.7, =2.10.0, =1.10.0, =1.15.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =17.16.0, =2.0.0, =2.0.8 - org.keycloak.tests:keycloak-tests-base =26.6.0 Source cves: CVE-2025-12967 Source advisory: OSV:GHSA-7XW4-G7MM-R4HH...
Amazon Web Services Advanced JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance
Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS...