Malicious code in @open-banking/cabinet-providers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 376acc0a3b29a3d768a5be7ea618329182989929f9e31fac8c176836b7c4b280 @open-banking/[email protected] is a dependency-confusion bait package anomalously high version under a generic scope that exfiltrates...

MAL-2026-5392 Malicious code in @open-banking/cabinet-providers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 376acc0a3b29a3d768a5be7ea618329182989929f9e31fac8c176836b7c4b280 @open-banking/[email protected] is a dependency-confusion bait package anomalously high version under a generic scope that exfiltrates...

CVE-2026-34596

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use TOCTOU race condition exists during addon installation. When a user installs an addon through the SandMan interface, UpdUtil.exe is spawned as SYSTEM by...

CVE-2026-34596

Sandboxie-Plus (Windows) prior to v1.17.3 contains a TOCTOU race during addon installation. UpdUtil.exe runs as SYSTEM via SandBoxieSvc, stages updater files in %TEMP%\sandboxie-updater, verifies hashes against the addon manifest, then extracts files.cab and runs config.exe. An unprivileged user ...

SUSE CVE-2026-39853

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS7 signature, the code copies the digest value from a parsed...

CVE-2026-32277

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting XSS issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch...

CVE-2026-32277

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting XSS issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch...

CVE-2026-32277

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting XSS issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch...

CVE-2026-32277 Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting XSS issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch...

CVE-2026-32277

Summary: CVE-2026-32277 affects Connect-CMS Cabinet Plugin list view with a DOM-based XSS. Affected versions: 1.x series >= 1.35.0 and = 2.35.0 and

CVE-2026-32277 Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting XSS issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch...

CVE-2026-32277 Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting XSS issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch...

EUVD-2026-14568

Connect-CMS has DOM-based Cross-Site Scripting XSS in the Cabinet Plugin List View...

GHSA-CMFH-MPMF-FMQ4 Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View

Security Advisory — Cabinet Plugin DOM-based XSS Summary A DOM-based Cross-Site Scripting XSS issue exists in the Cabinet Plugin list view. Affected Versions - 1.x series: = 1.35.0, = 2.35.0, = 2.41.0 Patched Versions - 1.41.1 - 2.41.1 Description In the Cabinet Plugin list view, DOM-based...

Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View

Security Advisory — Cabinet Plugin DOM-based XSS Summary A DOM-based Cross-Site Scripting XSS issue exists in the Cabinet Plugin list view. Affected Versions - 1.x series: = 1.35.0, = 2.35.0, = 2.41.0 Patched Versions - 1.41.1 - 2.41.1 Description In the Cabinet Plugin list view, DOM-based...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering process of saved names in the Cabinet Plugin list view. An authenticated user can execute arbitrary scripts in a victim's browser by injecting malicious input, potentially leading to unauthorize...

OpenSource-WorkShop Connect-CMS 跨站脚本漏洞

OpenSource-WorkShop Connect-CMS is a content management system developed by the OpenSource-WorkShop company, designed for easy website creation. Versions 1.35.0 to 1.41.0 and 2.35.0 to 2.41.0 of OpenSource-WorkShop Connect-CMS contain cross-site scripting vulnerabilities. These vulnerabilities st...

PT-2026-27229

Security Advisory — Cabinet Plugin DOM-based XSS Summary A DOM-based Cross-Site Scripting XSS issue exists in the Cabinet Plugin list view. Affected Versions - 1.x series: = 1.35.0, = 2.35.0, = 2.41.0 Patched Versions - 1.41.1 - 2.41.1 Description In the Cabinet Plugin list view, DOM-based...

Schneider Electric EcoStruxure Foxboro DCS

GENERAL SECURITY RECOMMENDATIONS Schneider Electric strongly recommends the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business...

CVE-2025-69907

An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing authentication and access control on the /omnidocs/GetListofCabinet API endpoint. A remote attacker can access this endpoint without valid credentials to retrieve sensitive internal configuration...