AlmaLinux 10 : openssh (ALSA-2026:13380)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13380 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...

Astra Linux – Vulnerability in libssh

A flaw was discovered in the libssh API function sshscpnew, in versions prior to 0.9.3 and prior to 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a path provided by the user, is executed on the server side. If the library is used in a way that allows user...

Astra Linux – Vulnerability in Jetty9

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary file whose name contains...

Astra Linux – Vulnerability in emacs

GNU Emacs version 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file. This is because lib-src/etags.c uses the system’s C library function in its implementation of the ctags program. For example, a victim might use the “ctags ” command as suggeste...

Astra Linux – Vulnerability in cups

OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process could perform arbitrary chmod operations on the target...

Astra Linux – Vulnerability in Less

The value “less through 653” allows for OS command execution via a newline character in the file name, due to improper handling of quotes in the filename.c file. Exploitation typically requires the use of file names controlled by the attacker, such as those extracted from untrusted archives...

Exploit for CVE-2026-36356

CVE-2026-36356: MeiG Smart FORGESLT711 GoAhead — Unauthentica...

MAL-2026-3309 Malicious code in google-cloud-secret-manager-config-poc (npm)

Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal using inflated semver values e.g. 99.9.x, 100.1.x to win npm resolution against private internal packages. All packages...

Exploit for Missing Authentication for Critical Function in Cpanel

POCCVE-2026-41940 Quick start bash python3 pocCVE-202...

Malicious code in @athena-portal/themes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ceef23383971e2a8f5f8f790c03e71fe17b0a7fc7dee044e2fd39424ce20856 The package @athena-portal/themes was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3244 Malicious code in puan4 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6be2e7028440f68ad3621664d195d72288e6a1d8658f16a421f3ec52d63d6f7a During import, package automatically starts a connection to a C2 server, exfiltrates information about the host and data like sensitive files and browsers' dat...

MAL-2026-3296 Malicious code in ally-badges (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 628f679ca3d11168a5d0e0930680b72c113158a013369f538a273ce91cb5e5a6 The package ally-badges was found to contain malicious code. Source: ghsa-malware 9c052706f47011272c0f6a24723dc146f15603ac21d81708fa2b91678889df60 An...

MAL-2026-3243 Malicious code in puan3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 531ab02814e67f81e5c82fb57b72d59c3972d0975932f6e9d00ea680040e9a13 During import, package automatically starts a connection to a C2 server, exfiltrates information about the host and data like the browser's history and sensiti...

MAL-2026-3240 Malicious code in timesmcplib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 da06df6b9831a400bbf6f90e6ae20c8633f5ca98f71ca4927cbc0647ec6ccb17 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

MAL-2026-3238 Malicious code in timemcplib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 96a6c2c025f60e6c36b5c0c5325d3cd39c3d2a25f693ba82877fa73d87eb3b6f During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

CVE-2026-6543

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables API keys, DB credentials, modifying files, or launching further attacks on the internal netwo...

MAL-2026-3232 Malicious code in codewhisperer-streaming (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f51029062b1172921ad99025d73d75bbf937d2d4c3b111ab8a4d09db2ef91caf The package codewhisperer-streaming was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in currenttimerlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2c8597070407b25804a26b2e7245768836031c1686a98750599ba2ce1833d4aa During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

MAL-2026-3229 Malicious code in currenttimerlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2c8597070407b25804a26b2e7245768836031c1686a98750599ba2ce1833d4aa During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

Arbitrary Command Injection

Overview yii2-mcp-server is a MCP Server for Yii2 Framework - Database schema inspection, command execution, and project management Affected versions of this package are vulnerable to Arbitrary Command Injection via the yiicommandhelp or yiiexecutecommand functions in the MCP Interface. An attack...