207 matches found
Malicious code in fe-utils-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6181b15ad071542a35154cffc71bc4771db039f548eabfe4100271000e4e3116 The package's default-exported getPlugin function fetches https://svganchordev.net/icons/110 and passes the response's data.credits field to new...
EUVD-2023-29228
Malicious code in bioql PyPI...
BIT-VAULT-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse
A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
CVE-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse
A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
OpenNext for Cloudflare (opennextjs-cloudflare) has a SSRF vulnerability via /_next/image endpoint
A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...
CVE-2025-46616
CVE-2025-46616 affects Quantum StorNext Web GUI API and StorNext components (StorNext RYO, StorNext Xcellis Workflow Director, and ActiveScale Cold Storage) prior to version 7.2.4. The vulnerability stems from a file upload path that could enable Arbitrary Remote Code Execution (RCE). Impact is d...
CVE-2025-46616
Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution RCE via upload of a file. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage...
PT-2025-17891 · Quantum · Quantum Stornext Web Gui Api +3
Name of the Vulnerable Software and Affected Versions: StorNext RYO versions prior to 7.2.4 StorNext Xcellis Workflow Director versions prior to 7.2.4 ActiveScale Cold Storage versions prior to 7.2.4 Quantum StorNext Web GUI API versions prior to 7.2.4 Description: The issue allows potential...
CVE-2025-22395
Dell Update Package Framework, versions prior to 22.01.02, contains a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of...
webkitgtk: Arbitrary Remote Code Execution
A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA's KEV catalog...
NFR Agent FSFUI Record Arbitrary Remote File Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NFR Agent FSFUI Record Arbitrary Remote File Access', 'Description' = %q NFRAgent.exe, a component of Novell File Reporter NFR, allows remote...
XWiki Platform 安全漏洞
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that originates from allowing any user with editing privileges to execute arbitrary remote code by adding relevant instances to their user...
CVE-2024-3126 Command Injection in parisneo/lollms-webui
A command injection vulnerability exists in the 'runxttsapiserver' function of the parisneo/lollms-webui application, specifically within the 'lollmsxtts.py' script. The vulnerability arises due to the improper neutralization of special elements used in an OS command. The affected function utiliz...
RLSA-2023:7716 Important: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Arbitrary Remote Code Execution CVE-2023-42917 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...
Important: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
Important: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Arbitrary Remote Code Execution CVE-2023-42917 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...
Important: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Arbitrary Remote Code Execution CVE-2023-42917 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...
CVE-2023-3452 Canto <= 3.0.4 - Unauthenticated Remote File Inclusion
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wpabspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allowurlinclude is enabled. Local File...
CVE-2023-33374
Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote...
CVE-2023-26360
Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Recent...