89 matches found

NVD
added 2026/05/12 6:17 p.m., 12 views

CVE-2026-44166

Pocketbase is an open source web backend written in Go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When th...

7.6 CVSS, 0.00247 EPSS
Exploits: 1, References: 1

OSSF Malicious Packages
added 2026/03/26 12:33 a.m., 6 views

Malicious code in react-autolink-text (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 402f7d8c6db956de1c20cce1c23b9d2585a9210f6aae7859acb956fb66728010 The package react-autolink-text was found to contain malicious code. Source: google-open-source-security...

5.9 AI score
Exploits: 0, References: 3

OSV
added 2026/03/26 12:33 a.m., 6 views

MAL-2026-2214 Malicious code in react-autolink-text (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 402f7d8c6db956de1c20cce1c23b9d2585a9210f6aae7859acb956fb66728010 The package react-autolink-text was found to contain malicious code. Source: google-open-source-security...

5.9 AI score
Exploits: 0, References: 3

Snyk
added 2026/03/19 11:0 p.m., 3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

GitHub Security Blog
added 2026/03/10 12:56 a.m., 7 views

flarum/nicknames extension has display name injection in notification emails (autolink & markdown)

Summary When the flarum/nicknames extension is enabled, a registered user can set their nickname to a string that email clients interpret as a hyperlink. The nickname is inserted verbatim into plain-text notification emails, and recipients may be misled into visiting attacker-controlled domains...

4.6 CVSS, 5.8 AI score, 0.00165 EPSS
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2026/03/10 12:56 a.m., 1 views

GHSA-3C4M-J3G4-HH25 flarum/nicknames extension has display name injection in notification emails (autolink & markdown)

Summary When the flarum/nicknames extension is enabled, a registered user can set their nickname to a string that email clients interpret as a hyperlink. The nickname is inserted verbatim into plain-text notification emails, and recipients may be misled into visiting attacker-controlled domains...

4.6 CVSS, 5.8 AI score, 0.00165 EPSS
Exploits: 0, References: 6

CVE
added 2026/03/09 10:42 p.m., 9 views

CVE-2026-30913

The CVE concerns Flarum with the nicknames extension enabled. A user’s nickname is inserted verbatim into plain‑text notification emails, allowing email clients to render it as a hyperlink. This can mislead recipients into visiting attacker‑controlled domains. The issue is tied to nickname handli...

4.6 CVSS, 5.8 AI score, 0.00165 EPSS
Exploits: 0, References: 3

OSV
added 2026/03/09 10:42 p.m., 3 views

CVE-2026-30913 flarum/nickname: Display name injection in notification emails (autolink & markdown)

Flarum is open-source forum software. When the flarum/nicknames extension is enabled, a registered user can set their nickname to a string that email clients interpret as a hyperlink. The nickname is inserted verbatim into plain-text notification emails, and recipients may be misled into visiting...

4.6 CVSS, 5.7 AI score, 0.00165 EPSS
Exploits: 0, References: 5

RedhatCVE
added 2026/01/06 5:7 p.m., 3 views

CVE-2026-21635

An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite v1.5.2 and earlier to use WiFi AutoLink feature on a device that was only adopted via Ethernet...

5.3 CVSS, 6.8 AI score, 0.00132 EPSS
Exploits: 0, References: 1

OSV
added 2026/01/05 5:15 p.m., 3 views

CVE-2026-21635

An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite v1.5.2 and earlier to use WiFi AutoLink feature on a device that was only adopted via Ethernet...

6.5 CVSS, 5.8 AI score, 0.00132 EPSS
Exploits: 0, References: 1

NVD
added 2026/01/05 5:15 p.m., 5 views

CVE-2026-21635

An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite v1.5.2 and earlier to use WiFi AutoLink feature on a device that was only adopted via Ethernet...

6.5 CVSS, 0.00132 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/01/05 4:47 p.m., 25 views

CVE-2026-21635

An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite v1.5.2 and earlier to use WiFi AutoLink feature on a device that was only adopted via Ethernet...

5.3 CVSS, 0.00132 EPSS
Exploits: 0, References: 1

EUVD
added 2026/01/05 4:47 p.m., 5 views

EUVD-2026-0830

An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite v1.5.2 and earlier to use WiFi AutoLink feature on a device that was only adopted via Ethernet...

5.3 CVSS, 6.3 AI score, 0.00132 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2026/01/05 4:47 p.m., 3 views

CVE-2026-21635

An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite v1.5.2 and earlier to use WiFi AutoLink feature on a device that was only adopted via Ethernet...

5.3 CVSS, 6.4 AI score, 0.00132 EPSS
Exploits: 0, References: 1

CVE
added 2026/01/05 4:47 p.m., 11 views

CVE-2026-21635

The CVE-2026-21635 issue affects Ubiquiti EV Station Lite (v1.5.2 and earlier). It is caused by improper access control that could let a malicious actor within Wi‑Fi range exploit the WiFi AutoLink feature on a device adopted via Ethernet, exposing confidentiality (high) with no impact to integri...

6.5 CVSS, 6.4 AI score, 0.00132 EPSS
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2026/01/05 12:0 a.m., 3 views

Ubiquiti EV Station Lite security vulnerability

Ubiquiti EV Station Lite is a series of smart electric vehicle charging stations from Ubiquiti USA. A security vulnerability exists in Ubiquiti EV Station Lite v1.5.2 and prior versions, which stems from improper access control and could allow a malicious actor to exploit the WiFi AutoLink featur...

6.5 CVSS, 6.6 AI score, 0.00132 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/01/05 12:0 a.m., 4 views

PT-2026-1310

Name of the Vulnerable Software and Affected Versions EV Station Lite versions prior to 1.5.3 Description An improper access control issue exists in EV Station Lite. A malicious actor within Wi-Fi range could potentially utilize the WiFi AutoLink feature on a device that was initially adopted via...

6.5 CVSS, 6.5 AI score, 0.00132 EPSS
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-2267

Malware in sbrugna...

6.5 CVSS, 6.6 AI score, 0.02223 EPSS
Exploits: 0, References: 8

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2017-0075

Malware in sbrugna...

6.1 CVSS, 6 AI score, 0.00923 EPSS
Exploits: 1, References: 8

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-41748

Malicious code in bioql PyPI...

7.5 CVSS, 6.6 AI score, 0.01568 EPSS
Exploits: 0, References: 9