58 matches found

OSSF Malicious Packages
added 2026/06/02 7:7 a.m. · 12 views

Malicious code in @att-ebiz/abs-components-bc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb8d1b46db555fda7536bcf080f9dfd0ceed5c731f7a96b2579121598dad6721 Package @att-ebiz/[email protected] is an empty placeholder published to public npm under a scope @att-ebiz that matches AT&T's internal...

5.7 AI score
Exploits: 0 · References: 1

OSV
added 2026/06/02 7:7 a.m. · 8 views

MAL-2026-5153 Malicious code in @att-ebiz/abs-components-bc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb8d1b46db555fda7536bcf080f9dfd0ceed5c731f7a96b2579121598dad6721 Package @att-ebiz/[email protected] is an empty placeholder published to public npm under a scope @att-ebiz that matches AT&T's internal...

5.7 AI score
Exploits: 0 · References: 1

EUVD
added 2026/04/22 3:31 p.m. · 4 views

EUVD-2026-24916

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN The BPF interpreter's signed 32-bit division and modulo handlers use the kernel abs() macro on s32 operands. The abs() macro documentation (include/linux/math.h) explicitl...

5.7 AI score · 0.00129 EPSS
Exploits: 0 · References: 6

Cvelist
added 2026/04/22 1:54 p.m. · 27 views

CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN The BPF interpreter's signed 32-bit division and modulo handlers use the kernel abs() macro on s32 operands. The abs() macro documentation (include/linux/math.h) explicitl...

7.8 CVSS · 0.00129 EPSS
Exploits: 0 · References: 5

Tenable Nessus
added 2026/04/22 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-31525

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN The BPF interpreter's signed 32-bit division and modulo handlers use the kernel abs() macro on s32...

7.8 CVSS · 7.2 AI score · 0.00129 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2026/04/22 12:0 a.m. · 4 views

PT-2026-34430

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6; Linux kernel versions prior to 6.12; Linux kernel versions prior to 6.18; Linux kernel versions prior to 6.19. Description: A mismatch between the BPF verifier and the BPF interpreter in the Linux kernel allows f...

7.8 CVSS · 5.5 AI score · 0.00378 EPSS
Exploits: 0 · References: 119

EUVD
added 2026/03/17 6:31 a.m. · 4 views

EUVD-2026-12536

A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function get_abs_path of the file python/helpers/files.py. The manipulation results in path traversal. The attack can be executed remotely. The exploit has been released to the public and may be...

5.3 CVSS · 5.5 AI score · 0.00357 EPSS
Exploits: 0 · References: 5

Cvelist
added 2026/03/17 3:32 a.m. · 31 views

CVE-2026-4307 frdel/agent0ai agent-zero files.py get_abs_path path traversal

A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function get_abs_path of the file python/helpers/files.py. The manipulation results in path traversal. The attack can be executed remotely. The exploit has been released to the public and may be...

5.3 CVSS · 0.00357 EPSS
Exploits: 0 · References: 4

CVE
added 2026/03/17 3:32 a.m. · 11 views

CVE-2026-4307

CVE-2026-4307 affects frdel/agent0ai agent-zero 0.9.7-10. The flaw is in the get_abs_path function in python/helpers/files.py, enabling path traversal via remote access. CVSS data indicate medium severity with LOW privileges required and NETWORK access; exploit maturity is documented as PROOF-OF-...

5.3 CVSS · 5.5 AI score · 0.00357 EPSS
Exploits: 0 · References: 4

RedhatCVE
added 2025/12/02 12:19 a.m. · 8 views

CVE-2025-63526

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg parameter,...

8.5 CVSS · 5.8 AI score · 0.00269 EPSS
Exploits: 1 · References: 1

NVD
added 2025/12/01 3:15 p.m. · 6 views

CVE-2025-63526

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg parameter,...

8.5 CVSS · 0.00269 EPSS
Exploits: 1 · References: 3

CVE
added 2025/12/01 12:0 a.m. · 9 views

CVE-2025-63526

The affected product is the Blood Bank Management System (abs.php). The vulnerability is a cross-site scripting (XSS) flaw caused by improper sanitization/encoding of user input before rendering in the response. An attacker can inject malicious JavaScript into the msg parameter, which is executed...

8.5 CVSS · 5.5 AI score · 0.00269 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

CVE
added 2025/12/01 12:0 a.m. · 7 views

CVE-2025-63535

A SQL injection vulnerability exists in Blood Bank Management System 1.0 in the abs.php component. The flaw stems from improper sanitization of user input in SQL queries, enabling an attacker to inject arbitrary SQL through the search field and bypass authentication to gain unauthorized access. A...

9.6 CVSS · 8 AI score · 0.00339 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

EUVD
added 2025/12/01 12:0 a.m. · 5 views

EUVD-2025-199999

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg parameter,...

8.5 CVSS · 5.4 AI score · 0.00269 EPSS
Exploits: 1 · References: 4

CNNVD
added 2025/12/01 12:0 a.m. · 5 views

Blood Bank Management System security vulnerability

Blood Bank Management System is a blood bank management system by individual developer Shridhar Shukla. A security vulnerability exists in Blood Bank Management System version 1.0, which stems from a SQL injection issue in the abs.php component that could lead to unauthorized access...

9.6 CVSS · 7.7 AI score · 0.00339 EPSS
Exploits: 0 · References: 4

Vulnrichment
added 2025/01/31 1:37 p.m. · 7 views

CVE-2025-0929 SQL injection vulnerability in TeamCal Neo

SQL injection vulnerability in TeamCal Neo, version 3.8.2. This could allow an attacker to retrieve, update and delete all database information by injecting a malicious SQL statement via the ‘abs’ parameter in ‘/teamcal/src/index.php’...

9.8 CVSS · 9.7 AI score · 0.00782 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/01/31 12:0 a.m. · 3 views

TeamCal Neo cross-site scripting vulnerability

TeamCal Neo is a calendar-based web application from the individual developer George Lewe. A cross-site scripting vulnerability exists in TeamCal Neo version 3.8.2. An attacker can exploit this vulnerability to execute malicious JavaScript code by injecting code via the abs parameter in...

6.1 CVSS · 6.4 AI score · 0.00215 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/01/31 12:0 a.m. · 3 views

TeamCal Neo SQL injection vulnerability

TeamCal Neo is a calendar-based web application by individual developer George Lewe. A SQL injection vulnerability exists in TeamCal Neo version 3.8.2. An attacker can use this vulnerability to inject malicious SQL statements via the "abs" parameter in "/teamcal/src/index.php" to retrieve, update,...

9.8 CVSS · 7.9 AI score · 0.00782 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/31 12:0 a.m. · 3 views

PT-2025-4101 · Unknown · Teamcal Neo

Name of the Vulnerable Software and Affected Versions: TeamCal Neo version 3.8.2. Description: The issue is a Reflected Cross-Site Scripting (XSS) that allows an attacker to execute malicious JavaScript code. This is achieved by injecting code via the abs parameter in the "/teamcal/src/index.php" AP...

6.1 CVSS · 5.9 AI score · 0.00215 EPSS
Exploits: 0 · References: 4

CVE
added 2025/01/16 8:6 p.m. · 57 views

CVE-2025-23703

CVE-2025-23703 describes a Cross-Site Request Forgery to Stored Cross-Site Scripting in the Free MailClient FMC WordPress plugin. Affected software: Free MailClient FMC (plugin for ABS-Hosting.nl/Walchum.net) up to version 1.0. Root cause as described in connected sources is CSRF enabling stored ...

7.1 CVSS · 7.2 AI score · 0.00169 EPSS
Exploits: 0 · References: 1