271 matches found
MAL-2026-4735 Malicious code in xy-ai-chat (npm)
Source: amazon-inspector 5f9025a3fddb0d31a5cd9114850b0ca859acf96e54649d4d2a9fe286b7ca015c. xy-ai-chat ships a Lit web component whose bundled main entry hardcodes two plain-HTTP endpoints on a bare IPv4 address:...
MAL-2026-4367 Malicious code in @bcrumbs.net/bc-chat (npm)
Source: amazon-inspector d4bd9ccff2d027c9982ab41ff4b4417e62475e70aba04212794f267030f63ab0. The exported BCChat React component embeds a hardcoded Azure Blob SAS URL https://bcuserres.blob.core.windows.net/anonymous with a long-lived SAS tok...
CVE-2026-29200
A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call...
CVE-2025-10681 Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials
Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers...
CVE-2025-68623
In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and...
CVE-2025-68623
CVE-2025-68623 affects Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0. Cisco Talos TALOS-2025-2293 documents a local privilege escalation: during installation, the dxwebsetup.exe installer creates a writable TEMP path, writes dxwsetup.exe, then executes it with high integrity. An at...
Microsoft DirectX End-User Runtime Web Installer security vulnerability
Microsoft DirectX End-User Runtime Web Installer is a component installation tool from the American company Microsoft. Version 9.29.1974.0 of Microsoft DirectX End-User Runtime Web Installer contains a security vulnerability. This vulnerability arises from the possibility for...
Podman Vulnerable to Arbitrary File Write via Symbolic Link Traversal in 'play.go' File
Podman contains a symbolic link traversal vulnerability when the kube play command is used with a 'ConfigMap' or secret volume mount. A remote attacker could exploit this by creating a malicious symbolic link on the volume in order to overwrite the contents of arbitrary files, however the attacke...
CVE-2025-15314
Tanium addressed an arbitrary file deletion vulnerability in end-user-cx...
Tanium end-user-cx security vulnerability
Tanium end-user-cx is a terminal tool extension provided by the American company Tanium. There is a security vulnerability in Tanium end-user-cx, which stems from the ability to delete arbitrary files...
CVE-2025-15318
Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools...
CVE-2025-15314
CVE-2025-15314 concerns an arbitrary file deletion vulnerability in Tanium's end-user-cx. The provided data shows a CVSS v3.1 base score of 5.5 (Medium) with an attack vector of Local and attack complexity Low. Privileges required: Low; user interaction: None; scope: Unchanged. Impact indicat...
CVE-2025-15314 Tanium addressed an arbitrary file deletion vulnerability in end-user-cx.
Tanium addressed an arbitrary file deletion vulnerability in end-user-cx...