66 matches found
MAL-2026-4511 Malicious code in chai-as-patch (npm)
Source: amazon-inspector c0f6b316992ec48b2d29d234f9debebcf239653a2371d54ab9f6e487c4fdba7b
This package is a typosquat of chai-as-promised that delivers remote code execution to any installer that requires it and invokes the exported...
Malicious code in prettier-sdk (npm)
Source: amazon-inspector 80a3bdd18c28c0c045aaed2a3e5725b3b38cb45bc9c16d0b795c4334caed17a5
Package name prettier-sdk impersonates the top-tier prettier package (50M weekly downloads), copying its README verbatim and forging metadata repositor...
Malicious code in node-ci-utils (npm)
Source: amazon-inspector 1593e77b5e2763e7ace49c239accedfe30209faea11bc07cf3901a7253798444
On require('node-ci-utils'), index.js runs a top-level init that, on Linux, creates a hidden directory /.local/share/.nodecache/, downloads an opaque...
CVE-2026-33024
AVideo is a video-sharing platform. Versions prior to 8.0 contain a Server-Side Request Forgery vulnerability (CWE-918) in the public thumbnail endpoints getImage.php and getImageMP4.php. Both endpoints accept a base64Url GET parameter, base64-decode it, and pass the resulting URL to ffmpeg as an...
Fastify Middie Middleware Path Bypass
Summary: A security vulnerability exists in @fastify/middie where middleware registered with a specific path prefix can be bypassed using URL-encoded characters (e.g., /%61dmin instead of /admin). While the middleware engine fails to match the encoded path and skips execution, the underlying Fastify...
EUVD-2024-55345
APC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like /etc/passwd by using encoded path...
EUVD-2011-2204
Malware in sbrugna...
EUVD-2025-14910
Malicious code in bioql PyPI...
EUVD-2022-4034
Malicious code in bioql PyPI...
EUVD-2022-4999
Malicious code in bioql PyPI...
CVE-2025-40595
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location...
Open Redirect
Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Open Redirect. The validateurl function can be forced to follow a redirect to an unintended site if the URL is passed to the file parameter and...
PT-2024-40449 · Unknown · Silverstripe
Name of the Vulnerable Software and Affected Versions: Silverstripe (affected versions not specified). Description: The issue is related to an incorrectly encoded URL, which is a minor unresolved fix following a previous security release. Recommendations: At the moment, there is no information about...
CVE-2024-28344
An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL...
SUSE CVE-2006-2758
Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747...
GHSA-6HJC-M38H-7JHH Cross-site Scripting in SEOmatic plugin
A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName...
Cross-site Scripting in SEOmatic plugin
A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName...
CVE-2021-41750
A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName...