
17 matches found

OSSF Malicious Packages
added 2026/05/19 6:5 p.m., 4 views

Malicious code in @bonsai-ai/claude-code (npm)

Source: amazon-inspector ad3b5646cf88b8eb5a7dbbec9fc2f1cfefcdf3a241d9604992e72c2f629889b9 Package published as @bonsai-ai/claude-code impersonates Anthropic's official @anthropic-ai/claude-code CLI. package.json sets author to 'Anthropic '...

5.9 AI score
Exploits: 0 | References: 2
Cvelist
added 2026/01/28 11:58 a.m., 25 views

CVE-2025-59896 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1 CVSS | 0.00016 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/28 11:58 a.m., 4 views

CVE-2025-59896

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
Vulnrichment
added 2026/01/28 11:58 a.m., 4 views

CVE-2025-59896 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/01/28 11:58 a.m., 4 views

EUVD-2025-206496

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits: 0 | References: 1
CVE
added 2026/01/28 11:52 a.m., 5 views

CVE-2025-59893

CVE-2025-59893 is a CSRF vulnerability affecting Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated attacker could induce another user to perform unwanted actions due to missing CSRF token protection. The description notes a specific vector: a POST request...

8.5 CVSS | 6 AI score | 0.00034 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
Veracode
added 2025/12/01 5:31 a.m., 3 views

Improper Access Control

commandkit is vulnerable to improper access control. The vulnerability is due to a logic flaw in how ctx.commandName is populated for message-based command aliases, which allows an attacker to exploit incorrect permission checks or access-control logic when developers mistakenly treat the alias...

6.1 CVSS | 7 AI score | 0.00018 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2025/10/15 5:16 p.m., 1 view

CVE-2025-62378

CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11, a logic flaw exists in the message command handler that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling...

6.1 CVSS | 0.00018 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/15 5:2 p.m., 4 views

CVE-2025-62378 CommandKit exposes incorrect command name in context object for message command aliases

CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11, a logic flaw exists in the message command handler that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling...

6.1 CVSS | 6.7 AI score | 0.00018 EPSS
Exploits: 0 | References: 1
CVE
added 2025/10/15 5:2 p.m., 3 views

CVE-2025-62378

CommandKit (Discord.js meta-framework) versions 1.2.0-rc.1 through 1.2.0-rc.11 expose ctx.commandName as the alias used to invoke a message command, rather than the canonical command name. This affects both middleware and the command’s own run context, enabling potential misapplication of permiss...

6.1 CVSS | 6.7 AI score | 0.00018 EPSS
Exploits: 0 | References: 1
OSV
added 2025/10/15 5:2 p.m., 2 views

CVE-2025-62378 CommandKit exposes incorrect command name in context object for message command aliases

CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11, a logic flaw exists in the message command handler that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling...

6.1 CVSS | 7.1 AI score | 0.00018 EPSS
Exploits: 0 | References: 3
OSV
added 2025/10/13 5:43 p.m., 2 views

GHSA-FHWM-PC6R-4H2F CommandKit has incorrect command name exposure in context object for message command aliases

Impact: A logic flaw exists in the message command handler of CommandKit that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling command aliases. When a message command is invoked using an alias, the ctx.commandName value...

6.1 CVSS | 7.1 AI score | 0.00018 EPSS
Exploits: 0 | References: 4
Github Security Blog
added 2025/10/13 5:43 p.m., 4 views

CommandKit has incorrect command name exposure in context object for message command aliases

Impact: A logic flaw exists in the message command handler of CommandKit that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling command aliases. When a message command is invoked using an alias, the ctx.commandName value...

6.1 CVSS | 7.1 AI score | 0.00018 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Snyk
added 2025/10/13 5:43 p.m., 3 views

Use of Incorrectly-Resolved Name or Reference

Overview: commandkit is a Beginner friendly command & event handler for Discord.js. Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference due to the ctx.commandName property exposing the alias used instead of the canonical command name in both middleware...

6.1 CVSS | 7.4 AI score | 0.00018 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-9138

Malware in sbrugna...

9 CVSS | 8.8 AI score | 0.04149 EPSS
Exploits: 2 | References: 4
OSV
added 2019/08/28 12:15 p.m., 0 views

CVE-2019-15714

cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations...

5.3 CVSS | 5.8 AI score
Exploits: 0 | References: 1
Exploit DB
added 2011/11/04 12:0 a.m., 19 views

Centreon 2.3.1 - 'command_name' Remote Command Execution

source: https://www.securityfocus.com/bid/50568/info Centreon is prone to a remote command-injection vulnerability. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Centreon 2.3.1 is affected; other versions may also be vulnerable...

7.4 AI score
Exploits: 0