MAL-2025-169324 Malicious code in trevora-lliisaa-cir7 (npm)
Source: amazon-inspector 7ad0c1a1591218e32835328529d0a67a5f31c8294a145677b11243cbc81df5c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2021-22909
Malware in sbrugna...
EUVD-2016-2598
Malware in sbrugna...
CVE-2025-54217
InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-49572 Substance3D - Modeler | Out-of-bounds Write (CWE-787)
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-49567
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires us...
CVE-2024-6791
A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .vsmodel file. This vulnerability affects VeriStand 2024 Q2 and prior versio...
CVE-2024-37315
CVE-2024-37315 affects Nextcloud Server; with files_versions feature enabled, an attacker with read-only access to a file can restore older document versions. Remediation per sources: upgrade Nextcloud Server to 28.0.3 or later (and 26.0.12, 27.1.7 for broader Enterprise coverage; see associated ...
Read-only users can restore old versions
PT-2024-4381 · Nextcloud +2 · Nextcloud Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 26.0.12 Nextcloud Server versions prior to 27.1.7 Nextcloud Server versions prior to 28.0.3 Nextcloud Enterprise Server versions prior to 23.0.12.16 Nextcloud Enterprise Server versions prior to 24.0.12.12...
PT-2024-4382 · Nextcloud +2 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 26.0.12 Nextcloud Server versions prior to 27.1.7 Nextcloud Server versions prior to 28.0.3 Nextcloud Enterprise Server versions prior to 26.0.12 Nextcloud Enterprise Server versions prior to 27.1.7 Nextclou...
CVE-2021-36289
Dell VNX2 OE for File versions 8.1.21.266 and earlier contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it...
CVE-2021-36295
Dell VNX2 OE for File versions 8.1.21.266 and earlier contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system...
Remote code execution
Dell VNX2 OE for File versions 8.1.21.266 and earlier contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system...
A Google Drive 'Feature' Could Let Attackers Trick You Into Installing Malware
An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks with a comparatively high success rate. The latest security issue, of which Google...
Access to all file-versions of a user as soon as he has one share with the attacker – ownCloud
An authenticated attacker can access all versions of all files, even unshared ones, as soon as the owner of said files has at least one outgoing share with the attacker. The attacker needs to guess a file-id, which is numeric and sequential. Affected: owncloud/core = v10.0.9; owncloud/core...
Access to all file-versions of a user - ownCloud security advisory
Platform: ownCloud Server Versions: 10.3.0 Date: 2/28/2020 Risk: Medium CVSS v3 Base Score: 6.8 CVSS v3 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CWE ID: 648 CWE Name: Incorrect Use of Privileged APIs...
Design/Logic Flaw
An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package DUP Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. Dell Update Package DUP Framework file versions prior to 3.8.3.67 used in Dell...
CVE-2019-3704
VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains an OS command injection vulnerability. Due to inadequate restriction configured in sudoers, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this...