Linux Distros Unpatched Vulnerability : CVE-2016-6903
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. CVE-2016-6903 Note that Nessus relies on the...
CVE-2025-55824
CVE-2025-55824 relates to ModStartCMS v9.5.0, which is affected by an arbitrary file-write vulnerability. The vulnerability enables an attacker to write arbitrary files on the server and, as described in sources, execute malicious commands to obtain sensitive data. The CVE’s metrics indicate a ne...
Ensure That the umask Value Is Correct
The umask value is the mask for default file or directory permissions. When a file or directory is created, its default permission is set to 777 minus the umask value. For a file, its execute permission is also removed. If the umask value is set improperly, the permission of new files may be too...
Malicious code in octolytics (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5d86b4c4ce77a41bee827eb614c38868e1231feef6629f9baf9cc665e472f530 The OpenSSF Package Analysis project identified 'octolytics' @ 0.19.0 rubygems as malicious. It is considered malicious because: - The package...
CVE-2025-34521
A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by...
CVE-2012-10062 XAMPP WebDAV PHP Upload Authentication Bypass RCE
A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits...
CVE-2025-58159 WeGIA Authenticated Arbitrary File Upload Leading To Remote Code Execution (RCE)
WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension...
Malicious code in pp-react-grid (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 71193da54e6cdc258489d02db5987830a3bc147cbf9b43236f5757cab04f9c73 The OpenSSF Package Analysis project identified 'pp-react-grid' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
CVE-2025-54762
SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges...
CVE-2025-54762
CVE-2025-54762 affects SS1 and its Media version (SS1 Ver.16.0.0.10 and earlier; Media 16.0.0a and earlier). The vulnerability enables a remote, unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges. Connected sources additionally map this to multiple S...
CVE-2025-53970
SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges...
CVE-2025-53970
CVE-2025-53970 affects SS1 versions 16.0.0.10 and earlier (Media 16.0.0a and earlier) from DOS Co., Ltd. A remote unauthenticated attacker can upload arbitrary files and execute OS commands with SYSTEM privileges. Multiple sources (NVD, Red Hat, JVN, CIRCL, PT Security, etc.) corroborate the vuln...
MAL-2025-41501 Malicious code in @twork-data-services/procedure-v2-execute-as-method-request (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-42123 Malicious code in @flight-common/models (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c5af2423bce8f82ab3bebfecba472bdcc04805388481ec19e96c245ca48ccd3b The OpenSSF Package Analysis project identified '@flight-common/models' @ 1.2.9213 npm as malicious. It is considered malicious because: - The...
CVE-2025-57797
Incorrect privilege assignment vulnerability exists in ScanSnap Manager installers versions prior to V6.5L61. If this vulnerability is exploited, an authenticated local attacker may escalate privileges and execute an arbitrary command...
Linux Distros Unpatched Vulnerability : CVE-2019-7342
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable...
CVE-2025-36174 IBM Integrated Analytics System file upload
IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened...
Malicious code in ng-tds (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b3294da0f9faffb8ba69b152216b52a8aa4ebcf64678bcd336c917b3e054530d The OpenSSF Package Analysis project identified 'ng-tds' @...
Malicious code in api-extractor-lib4-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 659516491da5eda94919af0b09a941720c55632d3a7c3ced84c056da49b4e504 The OpenSSF Package Analysis project identified 'api-extractor-lib4-test' @ 99.0.9 npm as malicious. It is considered malicious because: - The...
CVE-2025-57749
n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the...