
49 matches found

OSV
added 2026/05/25 9:43 a.m., 5 views

MAL-2026-4656 Malicious code in raise-common-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7401fb7c3259e43181ef51ca47b984450f7a849fed5a9598e6131b4c0ed5d2bb The package's rich-text editor module hardcodes an Azure OpenAI endpoint https://aidevused.openai.azure.com/ and an api-key in...

5.8 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/05/25 9:43 a.m., 7 views

Malicious code in raise-common-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7401fb7c3259e43181ef51ca47b984450f7a849fed5a9598e6131b4c0ed5d2bb The package's rich-text editor module hardcodes an Azure OpenAI endpoint https://aidevused.openai.azure.com/ and an api-key in...

5.8 AI score
Exploits: 0, References: 1
vulnersOsv
added 2026/05/06 11:4 p.m., 4 views

@backstage/plugin-catalog-backend-module-unprocessed (>=0.0.0-nightly-20240321021124 <=0.6.11-next.0), @backstage/plugin-catalog-unprocessed-entities (>=0.0.0-nightly-20251203024610 <=0.2.30-next.0) potentially affected by CVE-2026-44374 via @backstage/plugin-catalog-unprocessed-entities-common (>=0.0.0-nightly-20241116023418 <=0.0.15-next.0)

@backstage/plugin-catalog-unprocessed-entities-common NPM version =0.0.0-nightly-20241116023418, =0.0.0-nightly-20240321021124, =0.0.0-nightly-20251203024610, =0.2.30-next.0 Source cves: CVE-2026-44374 Source advisory: OSV:GHSA-P7G9-RP3G-MGFG...

4.3 CVSS, 5.8 AI score, 0.00031 EPSS
Exploits: 0
OSV
added 2026/04/05 9:3 a.m., 2 views

MAL-2026-2716 Malicious code in @needl-ai/common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1b98ae2755d0fd7d61bc3dfd378dc1bad2eadf7ef0033ba66bbf1383a711e5c The package @needl-ai/common was found to contain malicious code. Source: ossf-package-analysis...

5.7 AI score
Exploits: 0, References: 1
NVD
added 2026/02/03 6:16 p.m., 0 views

CVE-2020-37110

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modif...

9.8 CVSS, 0.00058 EPSS
Exploits: 1, References: 3
ATTACKERKB
added 2026/02/03 4:52 p.m., 4 views

CVE-2020-37110

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modif...

8.8 CVSS, 5.2 AI score, 0.00058 EPSS
Exploits: 1, References: 3, Affected Software: 1
EUVD
added 2026/02/03 4:52 p.m., 2 views

EUVD-2020-30985

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modif...

8.8 CVSS, 5.2 AI score, 0.00058 EPSS
Exploits: 1, References: 3
CVE
added 2026/02/03 4:52 p.m., 8 views

CVE-2020-37110

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows manipulation of database queries via unvalidated input (e.g., the 'title' parameter). Impact includes potential data extraction or modification (confidentiality and integrity). Root cause: unvalida...

9.8 CVSS, 5.2 AI score, 0.00058 EPSS
Exploits: 1, References: 3, Affected Software: 1
Positive Technologies
added 2026/02/03 12:0 a.m., 3 views

PT-2026-5855

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modif...

8.8 CVSS, 5.2 AI score, 0.00058 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 8 : container-tools:rhel8 (AXSA:2024-9011:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9011:01 advisory. Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library CVE-2024-9341 Buildah: Podman: Improper Input...

8.2 CVSS, 7.7 AI score, 0.00899 EPSS
Exploits: 0, References: 4
vulnersOsv
added 2025/12/11 3:30 p.m., 5 views

dev.macula.boot:macula-boot-starter-powerjob (=5.0.0-RC2), io.github.dudiao:powerjob-remote-smart-http (>=0.0.3 <=0.0.4) +59 more potentially affected by CVE-2025-14518 via tech.powerjob:powerjob-common (>=4.0.0 <=5.1.2)

tech.powerjob:powerjob-common MAVEN version =4.0.0, =0.0.3, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.6.1 and more Source cves: CVE-2025-14518 Source advisory: SNYK:JAVA-TECHPOWERJOB-14401157...

9.8 CVSS, 6.5 AI score, 0.00022 EPSS
Exploits: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-3676

Malicious code in bioql PyPI...

3.3 CVSS, 4.3 AI score, 0.00081 EPSS
Exploits: 0, References: 2
OSV
added 2025/09/12 2:25 p.m., 1 views

OESA-2025-2259 buildah security update

The package provides a command line tool which can be used to create a working container from scratch or create a working container from an image as a starting point mount/umount a working container's root file system for manipulation save container's root file system layer to create a new image...

9.1 CVSS, 6.5 AI score, 0.32338 EPSS
Exploits: 2, References: 4
OSV
added 2025/08/14 6:52 p.m., 2 views

MAL-2025-38459 Malicious code in vis-common-lib (npm)

The package vis-common-lib was found to contain malicious code...

7.2 AI score
Exploits: 0
RedhatCVE
added 2025/05/23 11:41 a.m., 2 views

CVE-2025-24336

SXF Common Library handles input data improperly. If a product using the library reads a crafted file, the product may be crashed...

3.3 CVSS, 6.8 AI score, 0.00081 EPSS
Exploits: 0, References: 1
OSV
added 2025/05/02 12:15 p.m., 3 views

CLSA-2025-1746188134 buildah: Fix of CVE-2024-9341

CVE-2024-9341: fix insecure handling of file paths inside vendored c/common...

8.2 CVSS, 6.7 AI score, 0.00899 EPSS
Exploits: 0, References: 1
AstraLinux
added 2025/02/11 7:35 a.m., 2 views

Astra Linux - vulnerability in golang-github-containers-common, libpod

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...

8.2 CVSS, 6.5 AI score, 0.00899 EPSS
Exploits: 0, References: 3
NVD
added 2025/01/31 12:15 a.m., 6 views

CVE-2025-24336

SXF Common Library handles input data improperly. If a product using the library reads a crafted file, the product may be crashed...

3.3 CVSS, 0.00081 EPSS
Exploits: 0, References: 2
Cvelist
added 2025/01/31 12:2 a.m., 15 views

CVE-2025-24336

SXF Common Library handles input data improperly. If a product using the library reads a crafted file, the product may be crashed...

3.3 CVSS, 0.00081 EPSS
Exploits: 0, References: 2
CVE
added 2025/01/31 12:2 a.m., 54 views

CVE-2025-24336

CVE-2025-24336 concerns the SXF Common Library (OCF) where improper input data handling can cause a product that uses the library to crash when reading a crafted file. Public sources consistently describe the affected component as the SXF Common Library and cite the underlying issue as mishandlin...

3.3 CVSS, 3.9 AI score, 0.00081 EPSS
Exploits: 0, References: 2