MAL-2025-135149 Malicious code in lina-bubur25-sluey (npm)
Source: amazon-inspector. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Command Injection
Overview: @wonderwhy-er/desktop-commander is an MCP server for terminal operations and file editing. Affected versions of this package are vulnerable to Command Injection via the extractBaseCommand function. An attacker can execute arbitrary operating system commands by supplying crafted input that ...
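The entry above names the bug class but its description is cut off, and the page does not say how extractBaseCommand actually parses its input. The following is an added illustration of that class in general, not desktop-commander's code: a "base command" is extracted as the first token and checked against an allowlist, but the untrimmed string is then handed to a shell, so everything after a metacharacter runs too. The function names, the allowlist and the crafted input are all constructed for this example.

```python
import shlex
import subprocess

# Constructed example of the command-injection class described above.
# It is NOT desktop-commander's code: the page does not say how its
# extractBaseCommand parses input, so these names and the allowlist
# are hypothetical.

ALLOWED_BASE_COMMANDS = {"echo", "ls", "cat"}


def extract_base_command_naive(command):
    """Hypothetical base-command extraction: the first whitespace-separated
    token. It only sees the word before any shell metacharacter, so the
    allowlist check passes for crafted input."""
    parts = command.strip().split()
    return parts[0] if parts else ""


def run_naive(command):
    """Vulnerable pattern: allowlist the base command, then hand the whole
    string to a shell. Anything after ';', '&&', '|' or '$()' runs as well."""
    if extract_base_command_naive(command) not in ALLOWED_BASE_COMMANDS:
        raise PermissionError("command not allowed")
    completed = subprocess.run(command, shell=True, capture_output=True, text=True)
    return completed.stdout


def is_allowed(command):
    """Tokenize with shell quoting rules and allowlist argv[0]."""
    argv = shlex.split(command)
    return bool(argv) and argv[0] in ALLOWED_BASE_COMMANDS


def run_hardened(command):
    """Hardened pattern: execute the tokenized argv directly, with no shell.
    Shell metacharacters are then ordinary argument bytes, not syntax."""
    if not is_allowed(command):
        raise PermissionError("command not allowed")
    argv = shlex.split(command)
    completed = subprocess.run(argv, shell=False, capture_output=True, text=True)
    return completed.stdout


if __name__ == "__main__":
    crafted = "echo hello; echo injected"   # constructed crafted input
    print(repr(run_naive(crafted)))         # the second command runs
    print(repr(run_hardened(crafted)))      # ';' is passed to echo as text
```

The hardened variant still trusts the allowlisted binaries themselves; if one of them can read or write arbitrary paths, the allowlist alone does not bound what a crafted argument can do.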
EUVD-2020-17975
Malware in sbrugna...
EUVD-2013-3443
Malware in sbrugna...
EUVD-2017-7752
Malware in sbrugna...
EUVD-2023-36942
Malicious code in bioql PyPI...
EUVD-2024-47935
Malicious code in bioql PyPI...
EUVD-2024-3610
Malicious code in bioql PyPI...
EUVD-2024-48421
Malicious code in bioql PyPI...
PT-2025-31883 · Cursor · Cursor
Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 1.3.9. Description: Cursor, a code editor built for programming with AI, allows writing in-workspace files without user approval in affected versions. Specifically, creating new dotfiles does not require approval, whil...
CVE-2022-25578
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file...
CVE-2013-3508
html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors involving file editing...
[SECURITY] Fedora 42 Update: qgis-3.42.1-2.fc42
A Geographic Information System (GIS) manages, analyzes, and displays databases of geographic information. QGIS supports shape file viewing and editing, spatial data storage with PostgreSQL/PostGIS, projection on-the-fly, map composition, and a number of other features via a plugin interface. QGIS al...
CVE-2025-20233
In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...
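The Splunk entry above describes the mechanism (chmod and makedirs called with modes that grant read and execute too widely) without showing it. The block below is an added example, not the Splunk app's code: a constructed lookup-file directory is created once with the broad modes and once owner-only, and a small audit walks each tree and reports entries that group or others can read or execute. The directory and file names and the CSV content are constructed for the example.

```python
import os
import stat
import tempfile

# Constructed example; not the Splunk app's code. It shows the pattern the
# advisory describes (makedirs/chmod granting read and execute to everyone)
# beside an owner-only version, plus an audit that flags the broad one.

# Permission bits that let group members or everyone else read or execute.
GROUP_OTHER_RX = stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH
SAMPLE_CSV = "user,role\nalice,admin\n"   # constructed lookup content


def create_weak(base):
    """Overly broad: 0o777 directory, 0o755 file. Any local account can
    list the directory and read the lookup data."""
    d = os.path.join(base, "weak_lookups")
    os.makedirs(d, mode=0o777, exist_ok=True)
    os.chmod(d, 0o777)            # makedirs() masks mode with the umask; force it
    f = os.path.join(d, "users.csv")
    with open(f, "w") as fh:
        fh.write(SAMPLE_CSV)
    os.chmod(f, 0o755)
    return d


def create_hardened(base):
    """Least privilege: owner-only directory and file. The mode passed to
    makedirs()/os.open() is umask-filtered, so it is set explicitly too."""
    d = os.path.join(base, "hardened_lookups")
    os.makedirs(d, mode=0o700, exist_ok=True)
    os.chmod(d, 0o700)
    f = os.path.join(d, "users.csv")
    fd = os.open(f, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE_CSV)
    os.chmod(f, 0o600)
    return d


def overly_broad(root):
    """Return (relative path, octal mode) for every entry under root that
    grants read or execute to group or others."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for p in [dirpath] + [os.path.join(dirpath, n) for n in filenames]:
            mode = stat.S_IMODE(os.lstat(p).st_mode)
            if mode & GROUP_OTHER_RX:
                findings.append((os.path.relpath(p, root), oct(mode)))
    return findings


def demo():
    """Build both layouts in a scratch directory and audit each."""
    with tempfile.TemporaryDirectory() as base:
        return overly_broad(create_weak(base)), overly_broad(create_hardened(base))


if __name__ == "__main__":
    weak, hardened = demo()
    print("weak:", weak)          # directory and file both flagged
    print("hardened:", hardened)  # nothing flagged
```

The explicit chmod after makedirs and os.open matters in both directions: the umask can tighten the mode you asked for, and a permissive umask (or a later chmod like the one in the weak version) can loosen it. Asserting the final mode, as the audit does, is what an access-control review actually checks.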
GO-2024-3355 Remote Command Execution in file editing in gogs in gogs.io/gogs
Remote Command Execution in file editing in gogs in gogs.io/gogs...
Remote Command Execution in file editing in gogs
Impact: A malicious user is able to commit and edit a crafted symlink file in a repository to gain SSH access to the server. Patches: Editing a symlink while changing the file name has been prohibited in the repository web editor (https://github.com/gogs/gogs/pull/7857). Users should upgrade to 0.13...
CVE-2024-54148
CVE-2024-54148 affects the Gogs open-source self-hosted Git service. A malicious user can commit and edit a crafted symlink file within a repository to gain SSH access to the server. The issue is reported with high/critical impact in the CVSS data and is mitigated by upgrading to version 0.13.1 o...
CVE-2024-54148 Gogs has a Path Traversal in file editing UI
Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1...
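The three Gogs entries above all describe the same mechanism: a symlink is committed into a repository, and the web editor then "edits" it by opening the path, which follows the link and writes wherever it points. The block below is an added miniature of that mechanism, not Gogs' code and not its fix (Gogs chose to refuse symlink edits that rename the file): a naive save that follows the link is shown beside a save that resolves the path, confines it to the repository root, refuses symlinks and opens with O_NOFOLLOW. The repository layout, file names and link target are constructed for the example.

```python
import os
import tempfile

# Constructed example; not Gogs' code. It reproduces the advisory's mechanism
# in miniature: a symlink committed into a repository and then "edited" by a
# web editor that follows it, beside a save routine that confines writes to
# the repository. Paths and names are hypothetical.


class PathEscape(Exception):
    """Raised when an edit would write outside the repository tree."""


def naive_save(repo_root, rel_path, content):
    """'Before' behaviour: open() follows symlinks, so a checked-in link whose
    target is outside the working tree redirects the write there."""
    with open(os.path.join(repo_root, rel_path), "w") as fh:
        fh.write(content)


def safe_save(repo_root, rel_path, content):
    """Confined write: resolve the path, require it to stay under the
    repository, refuse symlinks, and open with O_NOFOLLOW so the final
    component cannot be swapped for a link between check and use."""
    root = os.path.realpath(repo_root)
    target = os.path.join(root, rel_path)
    if os.path.islink(target):
        raise PathEscape("refusing to edit a symlink")
    resolved = os.path.realpath(target)
    if os.path.commonpath([root, resolved]) != root:
        raise PathEscape("path resolves outside the repository")
    os.makedirs(os.path.dirname(target), exist_ok=True)
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0o644)
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    return resolved


def demo():
    """Stage a repo containing a committed symlink that points outside it."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        repo = os.path.join(base, "repo")
        outside = os.path.join(base, "outside")
        os.makedirs(repo)
        os.makedirs(outside)
        secret = os.path.join(outside, "target.txt")   # constructed out-of-tree file
        with open(secret, "w") as fh:
            fh.write("original\n")
        # A relative symlink, as it would be stored in a commit.
        os.symlink(os.path.join("..", "outside", "target.txt"), os.path.join(repo, "link"))

        naive_save(repo, "link", "attacker content\n")
        with open(secret) as fh:
            results["naive_wrote_outside"] = fh.read() == "attacker content\n"

        for label, rel in (("symlink", "link"), ("dotdot", "../outside/target.txt")):
            try:
                safe_save(repo, rel, "x")
                results[label] = "written"
            except PathEscape:
                results[label] = "blocked"

        safe_save(repo, "README.md", "hi\n")
        with open(os.path.join(repo, "README.md")) as fh:
            results["normal"] = fh.read()
    return results


if __name__ == "__main__":
    print(demo())
```

The check still has a window: a directory component could be replaced by a symlink between realpath() and open(); O_NOFOLLOW only protects the final component. Closing that fully needs a component-by-component walk with openat() and O_NOFOLLOW, or the policy Gogs adopted of refusing to edit symlinks through the web editor at all.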
Design/Logic Flaw
application-collabora is an integration of Collabora Online in XWiki. As part of the application's use cases, and depending on the rights a user has over a document, they should be able to open the office attachment files in view or edit mode. Currently, if a user opens an attachment file in edit...