11 matches found

RedhatCVE
added 5 days ago | 7 views

CVE-2026-7191

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...

CVSS 8.6 | AI score 6.2 | EPSS 0.00102
Exploits: 0 | References: 1
NVD
added 2026/04/27 9:16 p.m. | 1 views

CVE-2026-7191

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...

CVSS 8.6 | EPSS 0.00102
Exploits: 0 | References: 2
EUVD
added 2026/04/27 8:8 p.m. | 2 views

EUVD-2026-25921

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...

CVSS 8.6 | AI score 6.1 | EPSS 0.00102
Exploits: 0 | References: 2
Cvelist
added 2026/04/27 8:8 p.m. | 29 views

CVE-2026-7191 Arbitrary Code Execution via Sandbox Bypass in the open source solution QnABot on AWS

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...

CVSS 8.6 | EPSS 0.00102
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/27 12:0 a.m. | 0 views

PT-2026-35526

Name of the Vulnerable Software and Affected Versions: qnabot-on-aws versions prior to 7.3.0. Description: Improper use of the static-eval npm package allows an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context. This is achieved by injecting a...

CVSS 8.6 | AI score 6 | EPSS 0.00102
Exploits: 0 | References: 7
ATTACKERKB
added 2026/03/12 6:32 p.m. | 1 views

CVE-2026-32138

NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services...

CVSS 8.2 | AI score 5.8 | EPSS 0.00078
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE
added 2025/05/23 6:30 a.m. | 3 views

CVE-2024-8535

Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway SSL VPN, ICA Proxy, CVPN, RDP Proxy with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as ...

CVSS 8.1 | AI score 6.8 | EPSS 0.00915
Exploits: 0 | References: 1
CVE
added 2024/11/12 6:28 p.m. | 75 views

CVE-2024-8535

Affected products: Citrix NetScaler ADC and NetScaler Gateway. Vulnerability: Authenticated users can access unintended user capabilities when the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with Kerberos SSO using a KCDAccount, or as an Auth Server (AAA Vserver) wi...

CVSS 8.1 | AI score 6.5 | EPSS 0.00915
Exploits: 0 | References: 1 | Affected Software: 2
OSV
added 2022/06/20 8:13 p.m. | 12 views

MAL-2022-353 Malicious code in @immersive-composer/backend-resources-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 46be4d1d5f47338da956e735c11099f0e63650fba283931bbfa69dd6fdc8427d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2022/06/20 8:13 p.m. | 4 views

Malicious code in @immersive-composer/backend-resources-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 46be4d1d5f47338da956e735c11099f0e63650fba283931bbfa69dd6fdc8427d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
ATTACKERKB
added 2021/03/03 12:0 a.m. | 613 views

CVE-2021-26855

Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: wvu-r7 at March 09, 2021 7:01am UTC reported: CVE-2021-26855 CVE-2021-26855 is an SSRF vulnerability in Exchange that allows privileged access to Exchange’s backend resources, ultimately leading to pre-auth RCE when...

CVSS 9.8 | AI score 9 | EPSS 0.94294
In wild | Exploits: 65 | References: 6