46 matches found
9Router <= 0.4.36 - Unauthenticated RCE
9Router = 0.4.36 middleware only guards 8 explicitly listed routes, leaving /api/cli-tools/ and /api/mcp/ entirely unauthenticated. An attacker can POST to /api/cli-tools/cowork-settings to register a custom MCP plugin with attacker-controlled command and args stored verbatim into globalThis, the...
Malicious code in visa-cli-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0e8f566e285de1eec2c3cae07b0faaa8828080a4e1fed7e76e1fe43dfa571ec Package presents as an internal-looking corporate tooling name 'visa-cli-tools' published at an inflated version 99.9.1 — the canonical...
PT-2026-42036
Name of the Vulnerable Software and Affected Versions 9router versions 0.4.30 through 0.4.36 Description 9router contains a flaw where the Next.js middleware fails to protect several API endpoints, allowing unauthenticated network-adjacent attackers to execute arbitrary OS commands as the user...
EUVD-2019-17185
Malware in sbrugna...
EUVD-2019-0003
Malware in sbrugna...
GHSA-X4RX-4GW3-53P4 vulnerabilities
Vulnerabilities for packages: opentelemetry-collector, osv-scanner, goreleaser, kargo, aws-otel-collector, tw, splunk-otel-collector, apko, nerdctl, openfga, trufflehog, spire-server, buf, buildah, prometheus, grype, opentelemetry-collector-contrib, wolfictl, docker-compose, buildkitd, melange,...
postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...
RHEL 8 : Red Hat OpenShift Serverless Client kn 1.12.0 (Moderate) (RHSA-2021:0145)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0145 advisory. Red Hat OpenShift Serverless Client kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux...
USN-6773-1: .NET vulnerabilities
It was discovered that .NET did not properly handle memory in it's Double Parse routine. An attacker could possibly use this issue to achieve remote code execution. CVE-2024-30045 It was discovered that .NET did not properly handle the usage of a shared resource. An attacker could possibly use th...
BIT-RABBITMQ-2021-32718 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ management UI
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...
Fedora: Security Advisory for kde-cli-tools (FEDORA-2023-e31c3e4b6c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5798-1: .NET 6 vulnerability
Johan Gorter discovered that .NET 6 incorrectly processed certain invalid HTTP requests. An attacker could possibly use this issue to cause a denial of service condition for an exposed endpoint...
MAL-2022-1184 Malicious code in avax-js-cli-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20bcbb8282cba23d9c896b37231cedc6bae3b5042eff2693e1ee677525401345 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wallet-cli-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d228e16eb4c5d94664318aad7e989056093999fdd5b457b61629abe937fdadfa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2021:3325-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3325-1 advisory. - CVE-2021-32718: Fixed improper neutralization of script-related HTML tags in a web page basic XSS in management UI bsc1187818. -...
openSUSE 15 Security Update : rabbitmq-server (openSUSE-SU-2021:3325-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3325-1 advisory. - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the...
SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2021:3254-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3254-1 advisory. - CVE-2021-32718: Fixed improper neutralization of script-related HTML tags in a web page basic XSS in management UI bsc1187818. -...
CVE-2021-32719
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the rabbitmqfederationmanagement plugin, its consumer tag was rendered without proper tag sanitization. This potentially allows for...
Design/Logic Flaw
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the rabbitmqfederationmanagement plugin, its consumer tag was rendered without proper tag sanitization. This potentially allows for...
CVE-2021-32718
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...