11 matches found

OSSF Malicious Packages
added 2026/05/19 5:37 p.m. · 7 views

Malicious code in open-agents-ai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecd54a57bfc95ce17e9e2279808810d09bb3285a15af6198f9f40f7a8f5307f7 package.json declares both preinstall and postinstall lifecycle hooks that invoke curl, and ships dist/postinstall-daemon.cjs — a Node script that...

5.8 AI score
Exploits 0 · References 10
RedhatCVE
added 2026/04/03 11:2 p.m. · 4 views

CVE-2026-34523

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in the static file route handler allows any unauthenticate...

5.3 CVSS · 5.8 AI score · 0.00449 EPSS
Exploits 1 · References 1
Vulnrichment
added 2026/04/02 5:14 p.m. · 3 views

CVE-2026-34523 SillyTavern: Path traversal allows file existence oracle

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in the static file route handler allows any unauthenticate...

5.3 CVSS · 5.8 AI score · 0.00449 EPSS
Exploits 1 · References 2
Positive Technologies
added 2026/03/23 12:0 a.m. · 2 views

PT-2026-27213

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4...

6.9 CVSS · 5.8 AI score · 0.00302 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2023/12/12 7:15 a.m. · 2 views

CVE-2023-41113

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to obtain information about whether certain files exist on disk, what errors if any occ...

4.3 CVSS · 5.8 AI score · 0.00474 EPSS
Exploits 0 · References 2
OSV
added 2020/03/13 7:15 p.m. · 3 views

CVE-2019-13195

The web application of some Kyocera printers such as the ECOSYS M5526cdw 2R72000.001.701 was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system...

7.5 CVSS · 5.9 AI score · 0.03465 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2020/03/13 7:15 p.m. · 5 views

CVE-2019-13195

The web application of some Kyocera printers such as the ECOSYS M5526cdw 2R72000.001.701 was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system...

7.5 CVSS · 5.7 AI score · 0.03465 EPSS
Exploits 0 · References 3
0day.today
added 2019/10/29 12:0 a.m. · 1552 views

PHP-FPM + Nginx - Remote Code Execution Exploit

Exploit for php platform in category web applications PHuiP-FPizdaM What's this This is an exploit for a bug in php-fpm CVE-2019-11043. In certain nginx + php-fpm configurations, the bug is possible to trigger from the outside. This means that a web user may get code execution if you have...

7.5 CVSS · 0.1 AI score · 0.9947 EPSS
Exploits 54
Exploit DB
added 2019/10/28 12:0 a.m. · 1860 views

PHP-FPM + Nginx - Remote Code Execution

PHuiP-FPizdaM What's this This is an exploit for a bug in php-fpm CVE-2019-11043. In certain nginx + php-fpm configurations, the bug is possible to trigger from the outside. This means that a web user may get code execution if you have vulnerable config see below. What's vulnerable If a webserver...

9.8 CVSS · 9.7 AI score · 0.9947 EPSS
Exploits 54
Positive Technologies
added 2019/10/23 12:0 a.m. · 3 views

PT-2019-11858 · Jenkins · Jenkins Deploy Weblogic Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Deploy WebLogic Plugin affected versions not specified Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials or determine whether a file or...

8.8 CVSS · 8.5 AI score · 0.00767 EPSS
Exploits 0 · References 5
Packet Storm
added 1999/08/17 12:0 a.m. · 43 views

cgi-check99.r

REBOL Title: "CGI Check 99" Date: 27-May-1999 Author: "deepquest 98% by loser" Comment: "respect and source from loser" File: %cgi-check99.r Email: [email protected] Purpose: Popular CGI scanner ported and improved to REBOL. secure none print "CGI Scanner. Ported by loser improved by...

7.4 AI score
Exploits 0