15 matches found
MAL-2026-2183 Malicious code in yeshsurya (PyPI)
Source: kam193 94ee8d39c76b11ebb68503181be81cfc3154ef7c1b758a9b139d77f3791c3356 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in dataflux-pytorch (PyPI)
Source: kam193 486e56ad4de2a59b9c8890d854505075b556ca6920be97f850a14c7d648f7f3b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in livekit-agents-hedra (PyPI)
Source: kam193 8391aaa11b2ae78ceba6cf6eea7b0671d2d21b32d838b94f4504afa13ea832ce Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-191939 Malicious code in xx-ent-wiki-sm (PyPI)
Source: kam193 5ebf0745c51c955dbe898efb0f6b721f30dd75edc24b4ee234e8574cee3da9d3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2010-20120
The Maplet framework in Maple versions up to and including 13 allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers...
AZL-49164 CVE-2024-43799 affecting package nodejs-nodemon 2.0.3-5
Send is a library for streaming files from the file system as an HTTP response. Send passes untrusted user input to SendStream.redirect, which executes untrusted code. This issue is patched in send 0.19.0...
PT-2024-31385 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.10.1 Description: The issue allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author...
PDF-XChange Editor Security Vulnerability
PDF-XChange Editor is PDF file viewer software from the PDF-XChange company that runs on Microsoft Windows systems. A remote code execution vulnerability exists in PDF-XChange Editor, which can be exploited by an attacker to execute arbitrary code...
Foxit PDF Reader Resource Management Error Vulnerability
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A remote code execution vulnerability exists in Foxit PDF Reader, which can be exploited by an attacker to execute code in the current process...
Mozilla: Drag and dropping an image could have resulted in the dropped object being an executable
The Mozilla Foundation Security Advisory describes this flaw as: If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script, which would have run arbitrary code after the user clicked it...
Csdn App Cross-Site Scripting Vulnerability
Csdn App is IT community software for mobile phones from Beijing Innovative Lezhi Network Technology (Csdn), China. Csdn App suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client data by the web application. An attacker can exploit this vulnerability...
OpenEMR Code Injection Vulnerability
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A code injection vulnerability exists in OpenEMR, which can be exploited by an...
WordPress gregs-high-performance-seo plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. gregs-high-performance-seo is an SEO (search engine optimization) plugin for it. A cross-site scripting vulnerability exists in the...
IBM Connections Cross-Site Scripting Vulnerability (CNVD-2019-19316)
IBM Connections is a suite of social software platforms from IBM USA. The platform provides advanced analytics and real-time data monitoring capabilities and can accelerate web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting vulnerability...
GHSA-PHG2-9C5G-M4Q7 Remote Code Execution in spark-core
In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute co...