2444421 matches found
CVE-2026-11839 Arbitrary File Upload in Basarsoft's Rotaban
Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.002 before V2026.06.003...
CVE-2026-11839 Arbitrary File Upload in Basarsoft's Rotaban
Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.002 before V2026.06.003...
CVE-2026-8406
openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mailid value...
CVE-2026-38581
SQL Injection vulnerability in damasac thaipalliativelte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...
CVE-2026-10847
A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitatio...
CVE-2026-11816
Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...
Malicious code in vqlxjmpr (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1bdcc295891f10380c7f487d7ea61c1bd17d7230a8feed4f12d04b8aa7bddcaa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in downlynpm (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c54f0f73fe269f9054d27204762149882fd85c82c575dfa40738014f7a594090 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in zatzdbai (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee421570e1dd748a4953205977d4b902c65acae47ebf90a91ba8c5c86a9961f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tribe-digital/shopify-starter-theme (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d20022a66a46ee0bc6a944946691b3746c8e0262e00b90891bd6ef26519e8a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @iobeya/spa-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9a974281dcc6456d815e6cb8b755c3084c7ba2d4026264474e459681a9a25cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @marketplace-shared/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98933a5f467c2a623815ed46e5baf6838ba6e86e8055b48d4941da3bf59e5c41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @ngt-frontend/widgets-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea73e01bd9fd14de80da7385a457c47d65d0af138480a99f91556880fabf9d3f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @hatcha-captcha/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c9a9310a4e2c8c3906b130725a5d8366ccad0df5529428fa9056c62f69f4c3b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tenforce/toolbox-fontmap (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc43bc0434418226ca77115c791ff0ea0031a0d314e73acfe0a62686528ceaad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @snowsight/debug-tooling (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ca444a9a90c96e463edeafef6a8f5ebdcc91dd128361d2b2aa42b6897cc48e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @coterie-baby/common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb0f46407e3ad7d060630b7aec9ce77a68f41c3a9fd3678941d6d43ca78b68a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @ntnx/nx-react-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5de5a928dc220e0142c863d66448e5675a2d3283b7bf5b4e3133f4f3806bb38f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @sazka/web (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f28f82bd2ace12b57cc67c8da0f065ed544157af3148f2680ca8a36c9ef01b21 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @integrations-center/utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a23606af0a8ca92d6caee4fa3a9171e6268ad073eec054cb0d2835747bf7cbbc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...