1083879 matches found
Malicious code in cipherflow (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 281ede3c5b3181c2df22a4b32a01453a51ac389a1dfe8bde69d53821cbaf20d4 cipherflow advertises itself as a zero-dependency pure-Python AES/DES library, but cipherflow/environ.py contains a multi-layer-obfuscated payload th...
MAL-2026-5839 Malicious code in cipherflow (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 281ede3c5b3181c2df22a4b32a01453a51ac389a1dfe8bde69d53821cbaf20d4 cipherflow advertises itself as a zero-dependency pure-Python AES/DES library, but cipherflow/environ.py contains a multi-layer-obfuscated payload th...
EUVD-2026-36932
Editor Remote Code Execution RCE in Responsive Slider by MetaSlider = 3.106.0 versions...
EUVD-2026-36799
A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...
EUVD-2026-36778
An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request...
EUVD-2026-36771
An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file...
EUVD-2026-36770
An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request...
EUVD-2026-36794
Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute. Attackers can trigg...
EUVD-2026-36759
An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component...
EUVD-2026-36757
Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...
EUVD-2026-36747
ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote...
EUVD-2026-36743
remotion-dev remotion v4.0.409 was discovered to contain a remote code execution RCE vulnerability...
EUVD-2026-36749
An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature...
EUVD-2025-210155
An issue was discovered in Rakuten Send Anywhere File Transfer for Android com.estmob.android.sendanywhere 23.2.9. The vulnerability allows untrusted applications with no permissions to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's...
EUVD-2025-210154
A code injection vulnerability in the wxExecute function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters...
MINI-HJMJ-P3P5-RHJW
Bulletin has no description...
CVE-2026-48836
Unauthenticated Remote Code Execution RCE in Easy Invoice = 2.1.19 versions...
CVE-2026-39465
Editor Remote Code Execution RCE in Responsive Slider by MetaSlider = 3.106.0 versions...
MINI-77X4-GGVH-6WJQ
Bulletin has no description...
MINI-84C2-PGM8-RPQC
Bulletin has no description...