Lucene search

8 matches found

Positive Technologies
added 2026/05/15 12:0 a.m. | 5 views

PT-2026-41343

Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager. Attackers can upload a crafted ZIP file containing PHP code in the packageinfo.inc file and...

CVSS 8.8 | AI score 6.6 | EPSS 0.0027
Exploits: 0 | References: 5

CNNVD
added 2026/05/15 12:0 a.m. | 5 views

Schlix CMS code injection vulnerability

Schlix CMS is a set of open-source content management systems developed by Schlix company, based on PHP and MySQL. Version 2.2.6-6 of Schlix CMS has a code injection vulnerability. This vulnerability stems from a remote code execution issue, allowing authenticated attackers to execute arbitrary P...

CVSS 8.8 | AI score 6.7 | EPSS 0.0027
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/02/22 4:53 p.m. | 7 views

Malicious code in tensorflow-opt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c2197ee3bfb727ff46f407a50a515013ad05c423bfe202eea90eb6b593f08b14 Package is likely a dependency confusion against some legitimate extension packages for TensorFlow but contains just cryptominers. When calling the "start"...

AI score 5.5
Exploits: 0 | References: 3

vulnersOsv
added 2026/02/09 8:53 p.m. | 5 views

0xgasless-mcp (>=1.0.3 <=1.0.5), 4d-vector-search (>=1.0.0 <=1.0.1) +2211 more potentially affected by CVE-2026-25528 via langsmith (>=0.3.7 <=0.4.12)

langsmith NPM version =0.3.7, =1.0.3, =1.0.0, =1.11.0, =0.0.5, =0.0.1, =1.0.0, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =1.0.6, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2026-25528 Source advisory: SNYK:JS-LANGSMITH-15253025...

CVSS 5.8 | AI score 7.2 | EPSS 0.00014
Exploits: 0

vulnersOsv
added 2025/11/13 11:6 p.m. | 4 views

@directus/api (>=15.0.0 <=31.0.0), @linotype/directus-extension-linotype (>=1.2.2 <=1.3.5) +2 more potentially affected by CVE-2025-64748 via directus (>=10.10.0 <=11.12.0)

directus NPM version =10.10.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: CVE-2025-64748 Source advisory: OSV:GHSA-8JPW-GPR4-8CMH...

CVSS 6.5 | AI score 5.8 | EPSS 0.00044
Exploits: 0

OSV
added 2022/03/25 11:15 p.m. | 8 views

CVE-2021-40905

The web management console of CheckMK Enterprise Edition versions 1.5.0 to 2.0.0p9 does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with...

CVSS 8.8 | AI score 7.7 | EPSS 0.04878
Exploits: 2 | References: 2

Vulnrichment
added 2022/03/25 10:20 p.m. | 13 views

CVE-2021-40905

The web management console of CheckMK Enterprise Edition versions 1.5.0 to 2.0.0p9 does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with...

AI score 7.8 | EPSS 0.04878
Exploits: 2 | References: 2

GithubExploit
added 2021/10/12 9:36 a.m. | 204 views

Exploit for Unrestricted Upload of File with Dangerous Type in Checkmk

CVE-2021-40905 - RCE via a crafted .mkp file Application:...

CVSS 8.8 | AI score 9.6 | EPSS 0.04878
Exploits: 2