29714 matches found
MAL-2026-2180 Malicious code in sonic-config-engine (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2385b46fee4fb7241c2f3f692934017f39660c9694b98b92cbe3dae6555e5b05 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
WordPress plugin Photo Engine code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-28162
Name of the Vulnerable Software and Affected Versions: LiquidJS versions prior to 10.25.1. Description: LiquidJS’s memoryLimit security feature can be bypassed using reverse range expressions (e.g., 100000000..1), allowing an attacker to allocate unlimited memory. When combined with a string flattenin...
PT-2026-28038
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server. This issue affects Photo Engine: from n/a through = 6.4.9...
XSStrike 3.1.6
XSStrike is a cross site scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response...
PT-2026-27774
Name of the Vulnerable Software and Affected Versions: EspoCRM versions prior to 9.3.4. Description: The EspoCRM software contains a flaw due to the formula engine operating outside the field-level restriction layer, allowing writable access to fields marked as read-only, such as Attachment.sourceId...
Linux Distros Unpatched Vulnerability : CVE-2026-4702
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Linux Distros Unpatched Vulnerability : CVE-2026-4698
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149,...
Linux Distros Unpatched Vulnerability : CVE-2026-4701
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
CVE-2026-33344 Dagu has an incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAG
Dagu is a workflow engine with a built-in Web user interface. From version 2.0.0 to before version 2.3.1, the fix for CVE-2026-27598 added ValidateDAGName to CreateNewDAG and rewrote generateFilePath to use filepath.Base. This patched the CREATE path. The remaining API endpoints - GET, DELETE,...
CVE-2026-23919
For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...
MAL-2026-2388 Malicious code in spectral-engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d45c9e6ca6d123deeb7d3bfb326dc818f76fb83f256dca70e650842b7cf7620 The package spectral-engine was found to contain malicious code...
Malicious code in spectral-engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d45c9e6ca6d123deeb7d3bfb326dc818f76fb83f256dca70e650842b7cf7620 The package spectral-engine was found to contain malicious code...
MAL-2026-2353 Malicious code in ecto-engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a678fddfc2d44cf68ad36ea2ec4225f695540faeefd1e528f65887f3f32555ef The package ecto-engine was found to contain malicious code...
Malicious code in ecto-engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a678fddfc2d44cf68ad36ea2ec4225f695540faeefd1e528f65887f3f32555ef The package ecto-engine was found to contain malicious code...
EUVD-2026-14861
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox 149...
EUVD-2026-14821
JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox 149 and Firefox ESR 140.9...
EUVD-2026-14813
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox 149, Firefox ESR 115.34, and Firefox ESR 140.9...
EUVD-2026-14819
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox 149 and Firefox ESR 140.9...
EUVD-2026-14848
Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox 149 and Firefox ESR 140.9...