40 matches found
Malicious code in react-dynammic-table-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d47aff9bb18dcd61350fa86e19d97ddee5ee7c5bdf7f0adea4a685e89d58fa4f [email protected] declares a preinstall lifecycle script node dist/setup.js that runs automatically on npm install. The script...
RHEL 9 : Red Hat Ansible Automation Platform 2.6 Product Security Update (Critical) (RHSA-2026:28377)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28377 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...
Critical: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security Update
An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
CVE-2026-44915
CVE-2026-44915 is an Open Redirect vulnerability in Apache APISIX related to the cas-auth plugin in its default configuration. The issue affects Apache APISIX versions 3.0.0 through 3.16.0 and could enable phishing and credential theft. Apache recommends upgrading to version 3.17.0, which contain...
Twenty 代码问题漏洞
Twenty is an open-source CRM platform developed by Twenty. Versions of Twenty 1.18.0 and earlier have code vulnerabilities. These vulnerabilities stem from a flaw in the SSRF protection mechanism, which can be bypassed by IPv6 addresses mapped via IPv4. The Node.js URL parser standardizes IPv6...
CVE-2023-54360 Joomla JLex Review 6.0.1 Reflected XSS via review_id Parameter
Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the reviewid URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers when clicked, enablin...
CVE-2026-33720
n8n (open source workflow automation) has a vulnerability in pre-2.8.0 where setting N8N_SKIP_AUTH_ON_OAUTH_CALLBACK=true causes the OAuth callback to skip ownership verification of the OAuth state. An attacker can trick a victim into completing an OAuth flow for a credential the attacker control...
CVE-2026-1693
The OAuth grant type Resource Owner Password Credentials ROPC flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user...
CVE-2025-69437
PublicCMS v5.202506.d and earlier are exposed to a stored XSS flaw in the Pdf handling path. Uploaded PDFs can carry JavaScript payloads that bypass backend checks in CmsFileUtils.java and when viewed by a user can trigger the embedded payload, potentially enabling credential theft and arbitrary ...
CVE-2026-1693
The OAuth grant type Resource Owner Password Credentials ROPC flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user...
CVE-2020-37115
GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access...
CVE-2020-37115
GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access...
CVE-2026-22912
Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...
CVE-2026-22912
Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...
CVE-2026-22912
Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...
IBM Db2 安全漏洞
IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. An information disclosure vulnerability exists in IBM Db2 that stems from the clpplus command exposing...
CVE-2016-15047
CVE-2016-15047 (AVTECH CloudSetup.cgi): Authenticated OS command injection via the exefile parameter in CloudSetup.cgi. The parameter is passed to system command execution without proper validation/whitelisting, enabling an authenticated attacker to run arbitrary commands as root and potentially ...
CVE-2025-61998 OPEXUS FOIAXpress stored XSS via Hyperlink Manager
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content as a URL within the Technical Support Hyperlink Manager. Injected content is executed in the context of other users when they click the malicious link. Successful exploitation allows the...
EUVD-2009-2503
Malware in sbrugna...
EUVD-2019-0014
Malware in sbrugna...