MAL-2026-6587 Malicious code in clob-client-math (npm)
Source: amazon-inspector 9e5d9d8399e2b05081019def33eac48372a162c8c9a069c26d4225285ffe0a18 On npm install, the package's postinstall script fetches a JSON config from datasecure-service.vercel.app/config/clob-math.json, downloads a tarball...
CVE-2026-9676
The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts...
CVE-2026-10083
The APCu Manager WordPress plugin before 4.5.0 does not escape APCu object-cache keys before rendering them in an admin-area page, leading to a Stored Cross-Site Scripting vulnerability. When a persistent object cache is enabled, cache keys derived from unsanitised user input e.g. a transient nam...
K000161952: Multiple Linux kernel vulnerabilities CVE-2026-23347, CVE-2026-23356, CVE-2026-23357, CVE-2026-23364 and CVE-2026-23365
Security Advisory Description CVE-2026-23347 In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it needs to be anchored before submitting it otherwise it...
EUVD-2026-40046
A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...
CVE-2026-13546
A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...
CVE-2026-13546 Feehi CMS REST API Endpoint articles missing authentication
A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...
CVE-2026-13546
CVE-2026-13546 affects Feehi CMS up to version 2.1.1. The vulnerability affects the REST API Endpoint, specifically unknown code in the file /api/articles, where manipulation results in missing authentication. The attack can be carried out remotely, and the exploit has been made public. The project was infor...
Malicious code in ledgerflow-deploy-utils (npm)
Source: amazon-inspector 5f0097d19be676ac30ff79dffcff38f128873c80115a8a150c3eceff0422aa93 On npm install, the package's postinstall script queries the AWS instance metadata service (IMDSv1) at 169.254.169.254 for the attached IAM role and...
MAL-2026-6591 Malicious code in ledgerflow-deploy-utils (npm)
Source: amazon-inspector 5f0097d19be676ac30ff79dffcff38f128873c80115a8a150c3eceff0422aa93 On npm install, the package's postinstall script queries the AWS instance metadata service (IMDSv1) at 169.254.169.254 for the attached IAM role and...
K000161950: Spring AI vulnerability CVE-2026-22738
Security Advisory Description In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied...
Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw
A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and includin...
Exploit for Code Injection in Grafana
CVE-2024-9264 CVE-2024-9264 Vulnerability Lab Report 1. Vulnerability Summary | Item...
MAL-2026-6580 Malicious code in loadutils (npm)
Source: amazon-inspector 31f1f1f6292d782062f6fff1f7422d9f1dc0eb1572e4372d6c0d574ccea3ab3a Package loadutils is a typosquat of the widely-used webpack helper loader-utils. The shipped README documents the loader-utils API urlToRequest,...
Malicious code in loadutils (npm)
Source: amazon-inspector 31f1f1f6292d782062f6fff1f7422d9f1dc0eb1572e4372d6c0d574ccea3ab3a Package loadutils is a typosquat of the widely-used webpack helper loader-utils. The shipped README documents the loader-utils API urlToRequest,...
MAL-2026-6578 Malicious code in layerd-unit-codec-parser (npm)
Source: amazon-inspector e27d4511e4a3f335712736eebef6cf8e55e3f1bccbb13ded2fcef675622e58e1 Package is published as layerd-unit-codec-parser but its README, install instructions, and example imports present it as...
Malicious code in layerd-unit-codec-parser (npm)
Source: amazon-inspector e27d4511e4a3f335712736eebef6cf8e55e3f1bccbb13ded2fcef675622e58e1 Package is published as layerd-unit-codec-parser but its README, install instructions, and example imports present it as...
K000161947: Cross-site scripting (XSS) vulnerability in Grafana CVE-2025-4123
Security Advisory Description A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does...
Malicious code in pino-debugging (npm)
Source: amazon-inspector 2f34694171d099a29f77430359b02afb82c2333967feb1ec6e0bd845b98244b9 Package name impersonates the legitimate pino-debug. The main entry index.js requires a transitive dependency 'loadutils' that pulls a further...