19 matches found
7qb (=0.0.17), @4399ywkf/ui (=3.0.0-alpha.0) +576 more potentially affected by unknown CVE via @antv/algorithm (>=0.0.6 <=0.1.8-beta.6)
@antv/algorithm NPM version =0.0.6, =0.1.1, =0.1.2, =1.1.43, =5.0.48, =1.1.15, =1.0.5, =1.0.5, =1.0.5, =1.1.26, =0.2.11-dev-1, =0.1.0, =1.0.14, =2.6.7 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3850...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the GET routes that change state. An attacker can cause authenticated users to unintentionally delete files or create directories by tricking them into visiting a crafted URL, as there is no validatio...
CVE-2026-40903
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6...
CVE-2026-40903
CVE-2026-40903 – Goshs ArtiPACKED vulnerability: goshs is a SimpleHTTPServer written in Go. Before 2.0.0-beta.6, it is affected by an ArtiPACKED vulnerability that can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even if the token is not present in the repository source code. ...
CVE-2026-40884
CVE-2026-40884 (goshs) affects the SFTP service in goshs, a Go SimpleHTTPServer. Before 2.0.0-beta.6, starting the server with the documented empty-username basic-auth syntax (for example, -b ':pass' together with -sftp) can bypass SFTP password authentication because no password handler is insta...
CVE-2026-40884 goshs: Empty-username SFTP password authentication bypass in goshs
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does not install any SFTP...
PT-2026-34060
Name of the Vulnerable Software and Affected Versions: goshs versions prior to 2.0.0-beta.6. Description: goshs is a SimpleHTTPServer written in Go. An ArtiPACKED issue allows the leakage of the GITHUB_TOKEN through workflow artifacts, even when the token is not included in the repository source cod...
@chirpy-dev/analytics (=0.0.1), @chirpy-dev/ui (=0.0.1) +39 more potentially affected by unknown CVE via next-auth (>=4.0.0-beta.6 <=4.24.11)
next-auth NPM version =4.0.0-beta.6, =1.9.0, =0.1.0-0, =0.0.2, =1.0.0, =1.0.0, =4.0.0-alpha.24, =0.0.0-experimental-20260318092212, =0.0.0-experimental-20260318092212, =0.6.1, =0.0.0-0d361a26c, =1.11.1-ee257e05.17 and more Source cves: unknown CVE Source advisory: SNYK:JS-NEXTAUTH-13744118...
CVE-2009-5052
Smarty before 3.0.0 beta 6 is affected by multiple unspecified vulnerabilities. The entries consistently cite unknown impact and attack vectors, with no concrete details on root cause, affected components, or exploit paths in the provided documents. The scope is limited to the version boundary “b...
linkSpheric 'viewListing.php' SQL Injection Vulnerability
The host is running linkSpheric and is prone to SQL Injection vulnerability. OpenVAS Vulnerability Test $Id: gblinksphericviewlistingsqlinjvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ linkSpheric 'viewListing.php' SQL Injection Vulnerability Authors: Sharath S Copyright: Copyright c 2009 Greenbon...
Sql injection
SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Beta 6 allows remote attackers to execute arbitrary SQL commands via the listID parameter...
CVE-2009-3510
CVE-2009-3510 corresponds to a SQL Injection in linkSpheric 0.74 Beta 6, specifically in viewListing.php via the listID parameter. The OpenVAS entries describe the vulnerability as prone to SQL injection in that endpoint, enabling remote attackers to potentially execute arbitrary SQL commands. Th...
CVE-2009-3510
SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Beta 6 allows remote attackers to execute arbitrary SQL commands via the listID parameter...
linkSpheric 0.74 Beta 6 SQL Injection
linkSpheric 0.74 Beta 6 SQL Injection Vulnerability Software : linkSpheric version 0.74 Beta 6 Vendor : http://dataspheric.com/ Download : http://sourceforge.net/projects/linkspheric/ Author : NoGe...
phpAlbum <= 0.4.1 Beta 6 (language.php) Local File Inclusion Exploit
No description provided by source.
PHPAlbum 0.4.1 Beta 6 - 'language.php' Local File Inclusion
DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ Contact: [email protected] cod3d by Kacper Greetings DragonHeart and all DEVIL TEAM Patriots : - Leito & Leon | friend str0ke ; pepi,...
RARLAB WinRAR 3.x - LHA Filename Handling Buffer Overflow
// source: https://www.securityfocus.com/bid/19043/info WinRAR is susceptible to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffe...
WinRAR 3.60 Beta 6 - SFX Path Local Stack Overflow
""" WinRAR - Stack Overflows in SelF - eXtracting Archives ====================================================== Tested Versions..: WinRAR 3.60 beta 4 Original Author.............: posidron Shellcode Stuffing .........: muts """ import os, sys...