
14 matches found

OSV
added 2026/05/22 9:30 a.m., 4 views

MAL-2026-4395 Malicious code in @inetafrica/open-claudia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09b3881ec598069649e57612f04359886ef22331899541885248ea6a0a41bce2 Multiple files in this package contain a Telegram-bot-based command-and-control and exfiltration framework wired to install/runtime-reachable code...

AI score: 5.9
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/05/20 2:32 a.m., 10 views

Malicious code in vestibulect (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82da0f0bb40f42e69defbea694db093f2ad880c8c094508f61e2d7fe58550e2e package.json declares a postinstall hook "postinstall": "node install.js" which executes install.js automatically on npm install. install.js imports ...

AI score: 5.8
Exploits: 0, References: 1

RedHat Linux
added 2026/04/13 2:27 a.m., 1 views

Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions

A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the fs.realpathSync.native function. This vulnerability allows code operating under --permission with restricted --allow-fs-read flags to bypass...

CVSS: 3.3, AI score: 6.1, EPSS: 0.00158
Exploits: 0, References: 5

NVD
added 2026/03/12 5:16 p.m., 3 views

CVE-2026-28792

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...

CVSS: 9.6, EPSS: 0.00535
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-12383

Malicious code in bioql PyPI...

CVSS: 9.2, AI score: 6.6, EPSS: 0.00738
Exploits: 0, References: 5

NVD
added 2025/04/21 6:15 a.m., 17 views

CVE-2025-0632

Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to...

CVSS: 9.2, EPSS: 0.00738
Exploits: 0, References: 3

Cvelist
added 2025/04/21 5:27 a.m., 23 views

CVE-2025-0632 Local File Inclusion (LFI) leading to sensitive data exposure

Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to...

CVSS: 9.2, EPSS: 0.00738
Exploits: 0, References: 3

Cvelist
added 2024/10/21 12:0 a.m., 19 views

CVE-2024-40088

A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request...

EPSS: 0.00689
Exploits: 1, References: 2

OSV
added 2024/06/13 4:15 p.m., 1 views

CVE-2023-35860

A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or rss.php...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00803
Exploits: 0, References: 1

ATTACKERKB
added 2024/06/13 4:15 p.m., 2 views

CVE-2023-35860

A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or rss.php...

CVSS: 5.3, AI score: 5.4, EPSS: 0.00803
Exploits: 0, References: 2

Exploit DB
added 2024/03/28 12:0 a.m., 548 views

Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)

Exploit Title: Asterisk AMI - Partial File Content & Path Disclosure (Authenticated); Date: 2023-03-26; Exploit Author: Sean Pesce; Vendor Homepage: https://asterisk.org/; Software Link: https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/; Version: 18.20.0; Tested on: Debian Linux; CVE:...

CVSS: 7.5, AI score: 7.7, EPSS: 0.45293
Exploits: 3

OSV
added 2024/02/24 6:30 a.m., 0 views

GHSA-RM97-X556-Q36H sanitize-html Information Exposure vulnerability

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...

CVSS: 5.3, AI score: 5.9, EPSS: 0.01018
Exploits: 1, References: 10

CVE
added 2024/02/02 12:0 a.m., 39 views

CVE-2023-39611

The CVE-2023-39611 entry concerns Software FX Chart FX 7 (version 7.0.4962.20829). The vulnerability allows an attacker to enumerate and read files on the local filesystem by sending crafted web requests, indicating a local file disclosure issue in the web-facing functionality. The root cause and...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00595
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2023/11/01 12:0 a.m., 3 views

Hitachi eSOMS Security Vulnerability

Hitachi eSOMS is an application software from Hitachi, Ltd. a shift operations management system for the power generation industry. A security vulnerability exists in Hitachi eSOMS version 6.3.13 and earlier, which stems from a vulnerability that allows an attacker to enumerate local file system...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00377
Exploits: 0, References: 2