70 matches found
CVE-2025-23209
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is a remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a...
Fiber Utils Security Feature Issue Vulnerability
Fiber Utils is a general-purpose function library in the open-source Fiber project. A security feature issue vulnerability exists in Fiber Utils 2.0.0-rc.3 and earlier versions: a predictable UUID is returned when the random number generator fails, which could lead to compromised...
EUVD-2000-0876
Malware in sbrugna...
EUVD-2018-14680
Malware in sbrugna...
EUVD-2025-24040
Malicious code in bioql PyPI...
EUVD-2024-47415
Malicious code in bioql PyPI...
EUVD-2024-46456
Malicious code in bioql PyPI...
Arbitrary Code Injection
Craft CMS is vulnerable to Arbitrary Code Injection. The vulnerability is due to inadequate protection of restore functionality because, with a compromised security key and the ability to place an arbitrary file in storage/backups, an attacker can craft a request to /updater/restore-db that...
CVE-2025-54417
Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these...
CVE-2025-54417 Craft contains a theoretical bypass for CVE-2025-23209
Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these...
Arbitrary Code Injection
Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Arbitrary Code Injection via the /updater/restore-db endpoint. An attacker can execute arbitrary code by crafting a malicious request after obtaining a compromised security key and creating a...
PT-2025-32419 · Craft · Craft
Name of the Vulnerable Software and Affected Versions: Craft versions 4.13.8 through 4.16.2; Craft versions 5.5.8 through 5.8.3. Description: Craft is a platform for creating digital experiences. A vulnerability exists that allows bypassing security measures, potentially leading to remote code...
MAL-2025-5767 Malicious code in clock-panel (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94f232d3ca0a55cee4a30418e75111d62c8ce4b44baa018c72400b9aee310ab4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5347 Malicious code in @b10902118/note-xss-payload (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c32fc16a72dee911f560f1dc4b6915f586e2f408e93bfdb5b08d8c7444e7576 Any computer that has this package installed or running should be considered...
MAL-2025-4964 Malicious code in zora1abs-mintflow-helper (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d18f03821ee80a129d0fab4014577a7daa8dcbfa000f6b9c8632a0d311b2af0 Any computer that has this package installed or running should be considered...
MAL-2025-4794 Malicious code in @it-common/lbp_common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f47ad8887d3a6cf7a9ed49015421a0fdcde662db1ed194c1c753c1234254fd3e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4841 Malicious code in keypress-win (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f954e50f0d90246c5d2855aca594a6179bc90df76259b2b657e357f06af6cb2c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4722 Malicious code in base_sdk_const (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba549d28b0740cfb0d22c85b7b26e5ccacab6cf6220e202dcd28c19a1abfb81e Any computer that has this package installed or running should be considered...