MAL-2026-4650 Malicious code in pubnub-moderation-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 750918c1551873c10f69bc746538652a6adf047d6c76231a40832fff30b74938 package.json declares "preinstall": "node index.js", causing index.js to run automatically on npm install. The script collects os.hostname,...

CVE-2026-47107 Windmill < 1.703.2 Incorrect Default Permissions in nsjail Configuration

Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...

EUVD-2026-30958

Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...

EUVD-2024-1098

Malicious code in bioql PyPI...

CVE-2023-37601

Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion LFI vulnerability via the component /etc/hosts...

GHSA-55QJ-GJ3X-JQ9R Denial of service in Kubernetes

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral...

Denial of service in Kubernetes

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral...

Oracle Linux 7 : Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes kubernetes istio olcne (ELSA-2020-5765)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5765 advisory. - x86/speculation: Add SRBDS vulnerability and mitigation documentation Mark Gross Orabug: 31446720 CVE-2020-0543 - x86/speculation: Add Special Regist...

CVE-2023-37601

Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion LFI vulnerability via the component /etc/hosts...

CVE-2023-37601

Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion LFI vulnerability via the component /etc/hosts...

CVE-2023-37601

Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion LFI vulnerability via the component /etc/hosts...

CVE-2023-37601

Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion LFI vulnerability via the component /etc/hosts...

CVE-2023-37601

Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion LFI vulnerability via the component /etc/hosts...

CVE-2023-37601

Office Suite Premium v10.9.1.42602 contains a local file inclusion (LFI) vulnerability in the /etc/hosts component. The issue is documented in CVE-2023-37601 with a CVSS v3.1 base score of 7.5 (High) and a network attack vector, no user interaction required, and no confidentiality is impacted bey...

SUSE CVE-2021-43816

containerd is an open source container runtime. On installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface CRI, an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any...

Code injection

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DN...

CVE-2021-22884

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DN...

Malicious Package in 1337qq-js

All versions of 1337qq-js contain malicious code. The package exfiltrates sensitive information through install scripts. It targets UNIX systems. The information exfiltrated includes: - Environment variables - Running processes - /etc/hosts - uname -a - npmrc file Recommendation Remove the packag...

CVE-2020-8557

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral...

CVE-2020-8557

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral...