EUVD-2026-3133

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...

CVE-2026-1050

CVE-2026-1050 concerns risesoft-y9 Digital-Infrastructure up to 9.6.7. The vulnerability is in the REST Authenticate Endpoint, specifically in Y9PlatformUtil.java, where an attacker can trigger SQL injection via remotely crafted requests. Multiple sources (NVD, Red Hat, circl, OSV, GHSA, Snyk) co...

PT-2026-3366

Name of the Vulnerable Software and Affected Versions risesoft-y9 Digital-Infrastructure versions up to 9.6.7 Description A flaw exists in risesoft-y9 Digital-Infrastructure up to version 9.6.7. The issue affects an unknown function within the file...

MiracleLinux 4 : libssh2-1.4.2-3.AXS4.1 (AXSA:2019-3922:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3922:01 advisory. libssh2: Integer overflow in transport read resulting in out of bounds write CVE-2019-3855 libssh2: Integer overflow in keyboard interactive handlin...

CVE-2019-11143

Improper permissions in the software installer for IntelR Authenticate before 3.8 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2025-1912

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the validatefile Function. This makes it possible for authenticated attackers, with Administrator-level...

CVE-2025-15135

CVE-2025-15135 affects the project joey-zhou xiaozhi-esp32-server-java (up to 3.0.0). The vulnerability is in the Cookie Handler component, specifically the function tryAuthenticateWithCookies() inside AuthenticationInterceptor.java. Manipulation of this function can lead to improper authenticati...

curl: Functional Regression in Digest Authentication: Failure to handle optional spaces and escaped quotes

Summary A recent migration of the Digest authentication parsing logic to the curlxstr strparse API introduced two functional parsing regressions in lib/vauth/digest.c. 1. Optional Whitespace OWS Handling The current implementation fails to skip optional whitespace after comma delimiters in...

EUVD-2025-180219

Malicious code in authenticate-array-cluster-mock-import npm...

EUVD-2025-177184

Malicious code in pi-authenticate-cold-encrypt-alert npm...

EUVD-2025-179137

Malicious code in encrypt-meta-authenticate-log-string npm...

EUVD-2025-178196

Malicious code in key-static-authorize-authenticate-quick npm...

EUVD-2025-177883

Malicious code in meta-grep-stack-serialize-authenticate npm...

EUVD-2025-180520

Malicious code in abstract-mu-kappa-authenticate-decode npm...

EUVD-2025-179383

Malicious code in decode-authenticate-final-delta-enum npm...

EUVD-2025-178380

Malicious code in integer-optimize-alpha-byte-authenticate npm...

Malicious code in minify-mu-catch-authenticate-user (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac3b2212cf649bbcec1267832b53976a224b9a0387e17e082b8641dda41bc920 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-176424

Malicious code in serialize-eta-authenticate-authorize-sigma npm...

EUVD-2025-180180

Malicious code in await-tree-cat-omega-authenticate npm...

EUVD-2025-176426

Malicious code in serialize-bash-authenticate-execute-cloud npm...