CVE-2025-40895
A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. A malicious authenticated user with administrator privileges on a Guardian connected to a CMC can edit the Guardian's properties to inject HTML...
CVE-2025-40896 Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0
The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...
Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (February 2026)
Overview: Trend Micro Incorporated has released security updates for Endpoint security products for enterprises. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. Impact: Remote code execution due to a directory traversal vulnerability...
PT-2026-22916
The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...
Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)
Summary: DS8900F and DS8A00 updates have been released to remediate the following vulnerabilities: Linux vulnerabilities in libraries such as bzip2, nghttp2, libxml2, unbound, libsoup, pam, sudo, java, openssh, glib2, expat, httpd, and linux-firmware. Safe Guarded Copy vulnerability within the...
Trend Micro Apex Central Improper Authentication Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the management console. The issue results from incorrect implementation of the...
Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apex One console, which listens on TCP ports 8080 and 4343 by default. The issu...
MajorDoMo Console Eval Unauthenticated RCE
This module exploits an unauthenticated remote code execution vulnerability in MajorDoMo, an open-source home automation platform. The admin panel's PHP console is accessible without authentication due to a missing exit after redirect in modules/panel.class.php. The redirect("/") call intended to...
Malicious code in colorize-console (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f4e60bdcd92f4f5690797fa091f0acb0a463de5c353ded0f6f5e7317a2f84eb The package colorize-console was found to contain malicious code. Source: ghsa-malware a0e5faaa04c5e7d06c634dc2be1f148aa27acb8842f1731dad902bdb3e33d1...
Malicious Package
Overview: colorize-console is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-1128 Malicious code in colorize-console (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f4e60bdcd92f4f5690797fa091f0acb0a463de5c353ded0f6f5e7317a2f84eb The package colorize-console was found to contain malicious code. Source: ghsa-malware a0e5faaa04c5e7d06c634dc2be1f148aa27acb8842f1731dad902bdb3e33d1...
MajorDoMo Console Eval Unauthenticated Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability in MajorDoMo, an open-source home automation platform. The admin panel's PHP console is accessible without authentication due to a missing exit after redirect in modules/panel.class.php. The redirect("/") call...
WordPress Plugin Web Accessibility by accessiBe Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Web Accessibility by...
WordPress Query Console 1.0 Code Injection
This code represents an advanced, class-based proof-of-concept targeting a code injection vulnerability in WordPress Query Console plugin version 1.0. It is designed as a CLI-only tool that automates payload upload, verification, command execution testing, and optional interactive shell access,...
Security Bulletin: IBM MQ is affected by a vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-12635)
Summary: A cross-site scripting vulnerability was identified in IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality (CVE-2025-12635). Vulnerability Details: CVEID: CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server...
CVE-2026-27822
RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.83, a Stored Cross-Site Scripting (XSS) vulnerability in the RustFS Console allows an attacker to execute arbitrary JavaScript in the context of the management console. By bypassing the PDF preview logic, an...
EUVD-2026-8590
Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover...
Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover
Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the RustFS Console allows an attacker to execute arbitrary JavaScript in the context of the management console. By bypassing the PDF preview logic, an attacker can steal administrator credentials from localStorage, leading to full account...