14 matches found
CVE-2026-35175
Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15...
CVE-2026-35175
Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15...
CVE-2026-35175
Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15...
GHSA-73JV-44C3-J5P2 Ajenti has an authorization bypass during custom package installation
Impact An authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. Patches This is fixed in the version 2.2.15. Users should upgrade to this version as soon as possible...
Ajenti has an authorization bypass during custom package installation
Impact An authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. Patches This is fixed in the version 2.2.15. Users should upgrade to this version as soon as possible...
MAL-2025-177386 Malicious code in poglymer-ogmih-affg (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d80511ede6f618285808a799221e1559b8bd20968482e0c753732aae76e0876b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-126014 Malicious code in eka-kue18-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc51e56f0f771372e32b72a6ba32ba19cc5c7a0fd1a7002c400f7c0e4b114efb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-96602 Malicious code in single_landfowl_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a1eb40c5215f9cbf37d3e7fd2d6335cd34a2d6831975e7775b3117592cd2325 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-79269 Malicious code in joko-tahu48-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9d242f5ed403f8ee56fb50fa1e0d0a15fc9c9e6b7e466231b17db5d6f2b2a72 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ogi-nasicampur7-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26c5d91ee0a7f4166e06054f3607ba5569182384856fc75f2313ceba83024f40 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
SUSE CVE-2011-2645
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename for a custom RPM...
CVE-2022-29836 Post-Auth Path Traversal Vulnerability Allows to Custom Package Installation via HTTP API
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file...
CVE-2022-29836 Post-Auth Path Traversal Vulnerability Allows to Custom Package Installation via HTTP API
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file...
GHSA-C5C9-8C6M-727V Cross-Site Scripting via Rich-Text Content
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC 5.7 Problem Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via...