Lucene search

20 matches found

OSSF Malicious Packages
added 2026/05/21 8:54 a.m. | 6 views

Malicious code in @hanssoft/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 063fa3a06df50a8c53c5eb05ac4d1214e6fa1edfb18d03c8484fa2014190659a Package name impersonates the well-known libsignal-node Signal Protocol library and ships a verbatim copy of its README, but the code is unrelated. O...

AI score: 5.9
Exploits: 0 | References: 1

CVE
added 2026/01/16 4:29 p.m. | 8 views

CVE-2026-23523

Dive (MCP Host Desktop Application) prior to version 0.13.0 is affected. A crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation, leading to arbitrary local command execution on the victim’s machine. This vulnerability is fixed in 0.13.0...

CVSS: 9.6 | AI score: 6.6 | EPSS: 0.0006
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-14595

Malware in sbrugna...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00503
Exploits: 1 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-21682

Malware in sbrugna...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00073
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2022-2052

Malicious code in bioql PyPI...

CVSS: 4.3 | AI score: 5.1 | EPSS: 0.00528
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-10705

Malicious code in bioql PyPI...

CVSS: 7.2 | AI score: 6.9 | EPSS: 0.001
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2022-38749

Malicious code in bioql PyPI...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.00504
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-20404

Malicious code in bioql PyPI...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.00087
Exploits: 0 | References: 1

CVE
added 2025/08/20 1:44 p.m. | 7 views

CVE-2025-54925

Schneider Electric EcoStruxure Power Monitoring Expert is affected by a Server-Side Request Forgery (SSRF) in the ExportDataAsXML path. The vulnerability allows remote attackers to disclose sensitive data by configuring the application to access a malicious URL; exploit described as requiring no ...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00089
Exploits: 0 | References: 1

Tenable Nessus
added 2025/07/11 12:00 a.m. | 4 views

SAP BusinessObjects Business Intelligence Platform SSRF Vulnerability (3598118)

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote host is prior to 2025 SP000 000200, 4.3 SP004 001300, or 4.3 SP005 000000. It is, therefore, affected by a vulnerability as referenced in the 3598118 advisory. The SAP CMC Promotion Management allows an...

CVSS: 4.1 | AI score: 5.6 | EPSS: 0.0019
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 1:43 a.m. | 4 views

CVE-2023-20214

A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is...

CVSS: 9.1 | AI score: 7.2 | EPSS: 0.00222
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/02 12:09 p.m. | 10 views

CVE-2025-24349

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to delete the configuration of physical network interfaces via a crafted HTTP request...

CVSS: 7.1 | AI score: 6.3 | EPSS: 0.00355
Exploits: 0 | References: 1

Cvelist
added 2025/04/30 11:44 a.m. | 11 views

CVE-2025-24349

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to delete the configuration of physical network interfaces via a crafted HTTP request...

CVSS: 7.1 | EPSS: 0.00355
Exploits: 0 | References: 1

CVE
added 2025/04/28 10:33 p.m. | 87 views

CVE-2025-46326

Snowflake Connector for .NET has a TOCTOU race in the Linux/macOS Easy Logging config file check. Versions 2.1.2 through before 4.4.1 are vulnerable: a local attacker with write access to the logging config file or its directory could overwrite configuration, gaining control over logging level an...

CVSS: 7 | AI score: 4 | EPSS: 0.00033
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/03/25 4:29 a.m. | 4 views

CVE-2024-8313 Default or Guessable SNMP community names in B&R APROL

An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL 4.4-00P5 may allow an unauthenticated adjacent-based attacker to read and alter configuration using SNMP...

CVSS: 8.7 | AI score: 7.1 | EPSS: 0.00205
Exploits: 0 | References: 1

Debian CVE
added 2023/12/12 7:42 p.m. | 26 views

CVE-2023-41337

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the...

CVSS: 6.7 | AI score: 6.5 | EPSS: 0.00061
Exploits: 0

Positive Technologies
added 2022/09/20 12:00 a.m. | 1 view

PT-2022-6340 · Unknown · Mklogic-500

Name of the Vulnerable Software and Affected Versions: MKLogic-500 (affected versions not specified). Description: The issue is related to the transmission of information sufficient for recovering encryption keys in plain text, which could allow a remote attacker to decrypt the configuration protoco...

CVSS: 9.7 | AI score: 7
Exploits: 0 | References: 2

OSV
added 2020/07/27 1:15 p.m. | 0 views

CVE-2020-9251

HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160C00E160R2P11 have an improper authorization vulnerability. The software does not properly restrict certain operation in certain scenario, the attacker should do certain configuration before the user turns on student mode function...

CVSS: 2.4 | AI score: 5.8 | EPSS: 0.00027
Exploits: 0 | References: 1

Packet Storm
added 2000/04/20 12:00 a.m. | 30 views

cgimail.txt

Advisory: CGIMailer v3.01 for Windows 95/98/2000/NT4.0. Chopsui-cideMmM, The Mad Midget Mafia - http://midgets.box.sk/. Summary: Date released: 15/03/2000 (dd/mm/yyyy). Risk: reading of private files. Vulnerability foun...

AI score: 7.4
Exploits: 0

Cvelist
added 2000/02/16 5:00 a.m. | 18 views

CVE-2000-0147

snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration...

AI score: 7.4 | EPSS: 0.0013
Exploits: 0 | References: 3