20 matches found
Malicious code in open-agents-ai (npm)
Source: amazon-inspector ecd54a57bfc95ce17e9e2279808810d09bb3285a15af6198f9f40f7a8f5307f7. package.json declares both preinstall and postinstall lifecycle hooks that invoke curl, and ships dist/postinstall-daemon.cjs — a Node script that...
CVE-2026-34523
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in the static file route handler allows any unauthenticate...
CVE-2026-34523 SillyTavern: Path traversal allows file existence oracle
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in the static file route handler allows any unauthenticate...
PT-2026-27213
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4...
CVE-2024-52549
Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va3bb89f8a95b and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the...
PT-2024-23318 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader (affected versions not specified). Description: This issue allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this, where the target...
CVE-2023-41113
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to obtain information about whether certain files exist on disk, what errors if any occ...
CVE-2022-24368
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2022-24366
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Foxit PDF Reader resource management error vulnerability
Foxit PDF Reader formerly known as Foxit Reader is a set of software used to read PDF format files, developed by Foxit Software Fujian. The vulnerability stems from not verifying the existence of the object before performing operations on it. An attacker could exploit this vulnerability to execut...
Foxit PDF Reader resource management error vulnerability
Foxit PDF Reader formerly known as Foxit Reader is a set of software used to read PDF format files, developed by Foxit Software Fujian. The vulnerability stems from not verifying the existence of the object before performing operations on it. An attacker could exploit this vulnerability to execut...
UBUNTU-CVE-2020-15703
There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an...
CVE-2019-13195
The web application of some Kyocera printers such as the ECOSYS M5526cdw 2R72000.001.701 was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system...
CVE-2019-13195
The web application of some Kyocera printers such as the ECOSYS M5526cdw 2R72000.001.701 was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system...
PHP-FPM + Nginx - Remote Code Execution Exploit
Exploit for php platform in category web applications PHuiP-FPizdaM What's this This is an exploit for a bug in php-fpm CVE-2019-11043. In certain nginx + php-fpm configurations, the bug is possible to trigger from the outside. This means that a web user may get code execution if you have...
PHP-FPM + Nginx - Remote Code Execution
PHuiP-FPizdaM What's this This is an exploit for a bug in php-fpm CVE-2019-11043. In certain nginx + php-fpm configurations, the bug is possible to trigger from the outside. This means that a web user may get code execution if you have vulnerable config see below. What's vulnerable If a webserver...
PT-2019-11858 · Jenkins · Jenkins Deploy Weblogic Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Deploy WebLogic Plugin (affected versions not specified). Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials or determine whether a file or...
CVE-2018-17629
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Foxit Reader app.response method remote code execution vulnerability
Foxit Reader is a PDF document reader from China's Foxit Software Corporation. A remote code execution vulnerability exists in the app.response method in Foxit Reader version 8.3.2.25013, where the program fails to adequately verify the existence of an object before performing an operation on i...
cgi-check99.r
REBOL Title: "CGI Check 99" Date: 27-May-1999 Author: "deepquest 98% by loser" Comment: "respect and source from loser" File: %cgi-check99.r Email: [email protected] Purpose: Popular CGI scanner ported and improved to REBOL. secure none print "CGI Scanner. Ported by loser improved by...