
1634 matches found

Positive Technologies
added 2026/03/05 12:0 a.m. | 4 views

PT-2026-23443

Name of the Vulnerable Software and Affected Versions: eml_parser versions prior to 2.0.1. Description: The eml_parser module, used for parsing eml files, contains a path traversal issue in the example script examples/recursively_extract_attachments.py. This allows for arbitrary file write outside t...

CVSS 5.5 | AI score 5.9 | EPSS 0.00237
Exploits: 1 | References: 7
Hacker One
added 2026/03/02 12:55 a.m. | 14 views

curl: Use after free in hyperfifo example

Summary: THIS ONLY IS AN ISSUE IN EXAMPLE CODE, NOT CURL ITSELF! In the hyperfifo example the event base is freed before the curl_multi_cleanup is called. This leads to a use after free in the addsocket callback, when libevent tries to lock a mutex in the base event during the curl shutdown. Link t...

AI score 5.7
Exploits: 0
Github Security Blog
added 2026/02/23 10:15 p.m. | 4 views

Craft CMS has Stored XSS in Table Field via "HTML" Column Type

A stored Cross-site Scripting (XSS) vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attacker to execute arbitrary JavaScript when another user views a page with the malicious table field. Prerequisite...

CVSS 5.9 | AI score 5.9 | EPSS 0.00217
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2026/02/23 9:19 p.m. | 7 views

CVE-2026-3025

A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload. It is possible...

CVSS 9.8 | EPSS 0.00378
Exploits: 0 | References: 3
Cvelist
added 2026/02/23 8:2 p.m. | 23 views

CVE-2026-3025 ShuoRen Smart Heating Integrated Management Platform ExampleNodeService.asmx unrestricted upload

A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload. It is possible...

CVSS 7.5 | EPSS 0.00378
Exploits: 0 | References: 3
CVE
added 2026/02/23 8:2 p.m. | 8 views

CVE-2026-3025

Affects ShuoRen Smart Heating Integrated Management Platform 1.0.0. The vulnerability lies in an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx, where manipulating the File argument can cause unrestricted file upload. Exploitation is remote, and an exploit has be...

CVSS 9.8 | AI score 7.1 | EPSS 0.00378
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/02/23 12:0 a.m. | 4 views

PT-2026-21556

Name of the Vulnerable Software and Affected Versions: ShuoRen Smart Heating Integrated Management Platform version 1.0.0. Description: A flaw exists in ShuoRen Smart Heating Integrated Management Platform version 1.0.0, related to an unknown functionality within the file...

CVSS 7.5 | AI score 7.2 | EPSS 0.00378
Exploits: 0 | References: 8
Veracode
added 2026/02/19 8:6 p.m. | 5 views

Command Injection

Apache Airflow is vulnerable to Command Injection. The vulnerability is due to a non-validated parameter in the example_dag_decorator example DAG, which allows an attacker to redirect execution to a malicious server and execute arbitrary code on a worker when example DAGs are enabled...

CVSS 4.6 | AI score 6.3 | EPSS 0.00386
Exploits: 0 | References: 3 | Affected Software: 1
RubySec
added 2026/02/03 12:0 a.m. | 7 views

Decidim's private data exports can lead to data leaks

Impact: Private data exports can lead to data leaks in cases where the UUID generation causes collisions for the generated UUIDs. The bug was introduced by 13571 and affects Decidim versions 0.30.0 or newer currently 2025-09-23. This issue was discovered by running the following spec several times...

CVSS 8.2 | AI score 5.5 | EPSS 0.00262
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2026/01/31 12:30 a.m. | 6 views

EUVD-2020-30934

OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For...

CVSS 5.4 | AI score 6.1 | EPSS 0.00345
Exploits: 1 | References: 5
NVD
added 2026/01/28 6:16 p.m. | 6 views

CVE-2020-36945

WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials. Attackers can inject the payload '' OR '1'='1' in both username and password fields to gain unauthorized access to...

CVSS 8.8 | EPSS 0.00406
Exploits: 0 | References: 4
vulnersOsv
added 2026/01/27 9:30 a.m. | 3 views

com.foxinmy:easemob4j (>=1.1.0 <=1.1.3), com.foxinmy:umeng4j (>=1.1.0 <=1.1.3) +13 more potentially affected by CVE-2026-24819 via com.foxinmy:weixin4j-base (>=1.0 <=1.9.1)

com.foxinmy:weixin4j-base MAVEN version =1.0, =1.1.0, =1.1.0, =1.9.0, =1.4, =1.0, =1.9.0, =1.4, =1.0, =1.8.0, =1.0.9-RELEASE, =0.0.2, =0.0.3 - org.oxerr:spring-security-wechat-samples-helloworld =0.0.1 Source cves: CVE-2026-24819 Source advisory: SNYK:JAVA-COMFOXINMY-15128702...

CVSS 6.3 | AI score 5.8 | EPSS 0.00432
Exploits: 0
Snyk
added 2026/01/27 2:25 a.m. | 2 views

Malicious Package

Overview: mapkit-example-svelte is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 2
Snyk
added 2026/01/27 2:25 a.m. | 2 views

Malicious Package

Overview: mapkit-example-vue is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2026/01/27 2:25 a.m. | 6 views

Malicious code in mapkit-example-svelte (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7e50c0bfa7ac259128381d1495bc907b68e4721214789ed3316c0a57e387175 The package mapkit-example-svelte was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2026/01/27 2:25 a.m. | 6 views

Malicious code in mapkit-example-vue (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a99b2a1b5d1181c18ff26056481018d107fc6fc38df563e0d7fba6aa44b7cd51 The package mapkit-example-vue was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits: 0 | References: 1
OSV
added 2026/01/27 2:25 a.m. | 3 views

MAL-2026-523 Malicious code in mapkit-example-svelte (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7e50c0bfa7ac259128381d1495bc907b68e4721214789ed3316c0a57e387175 The package mapkit-example-svelte was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits: 0 | References: 1
OSV
added 2026/01/27 2:25 a.m. | 9 views

MAL-2026-524 Malicious code in mapkit-example-vue (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a99b2a1b5d1181c18ff26056481018d107fc6fc38df563e0d7fba6aa44b7cd51 The package mapkit-example-vue was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits: 0 | References: 1
GithubExploit
added 2026/01/22 8:33 p.m. | 144 views

Exploit for CVE-2026-24061

CVE-2...

CVSS 9.8 | AI score 5.4 | EPSS 0.98871
Exploits: 60
Snyk
added 2026/01/19 5:24 a.m. | 2 views

Malicious Package

Overview: mapkit-example-vanillajs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 | AI score 5.5
Exploits: 0 | References: 2