PT-2026-41137
Summary: A gym trainer can escalate their session to any higher-privileged account (gym manager, general manager) by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a low-privileged user, the session flag trainer.identity is set and this flag alone...
CVE-2026-39418 MaxKB: SSRF via sandbox network hook bypass
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by using socket.sendto with the MSG_FASTOPEN flag. This allows an authenticated user with tool-editing permissions to reach internal services that are explicitly blocked by the...
Important: runc
Issue Overview:
cmd/go: bypass of flag sanitization can lead to arbitrary code execution (CVE-2025-61731)
cmd/go: unexpected code execution when invoking toolchain (CVE-2025-68119)
Affected Packages: runc
Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to...
Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2026-1442)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1442 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. (C) Tenable, Inc. The descriptive text and package checks...
CVE-2019-20870
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID...
MAL-2025-188437 Malicious code in ophiuchus-callisto-semantic-ui-lynx (npm)
Source: amazon-inspector 8d65af75f6acff48d55a94e31741a5da41d9e26f8b607169d254ab4d96271cb5. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-138348 Malicious code in yuni-gepuk62-sluey (npm)
Source: amazon-inspector 9d3c1471b8cb2d019f0999d9670a1996c10891f291dde408f050b5a62ff7eeac. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kurniawan-serimuka53-ruro (npm)
Source: amazon-inspector 53cefd0a0194a3acff1238ccee1f8ad737da6592244f9c8e370641d1174b0368. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-86124 Malicious code in hadi-gulai35-miaww (npm)
Source: amazon-inspector c9819ab3ca2bc12b78c7f8865dc00f0bbb67098e00e21e7a5120c837fdca4a14. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jaja-keraktelor20-sukiwir (npm)
Source: amazon-inspector 56c3b64280c053d4b4ed3bdb0424c39d01143276f9e68402d3dc165367e2c300. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ocha-kentang19-sukiwir (npm)
Source: amazon-inspector f6cffe97775827d2b810ac9496a19a241cc8d437158c9cf7b7fb2adec246887e. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-79289 Malicious code in joni-getuk73-sukiwir (npm)
Source: amazon-inspector 4e939c87dd4357233c0c6a25107d53aa8cedcc41481fe4f20136aa6cba57fe6c. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-80005 Malicious code in melted_reindeer_z3n (npm)
Source: amazon-inspector 03bc760e8a075e7dde90426a750b0a221085e13f63b6bc0d9618d927ba08d1a0. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in bambang-asinan57-breki (npm)
Source: amazon-inspector ca87313d6dacf58ad6783fec9365c7ce40acaaa917b54b6d24acfc8376ff9fee. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in clumsy-white-amphibian (npm)
Source: amazon-inspector 4a5cab4f4e1e4901e5bf0b3ba11962e9d76641981b82e748f705204191d801f1. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-65843 Malicious code in utomo-naget96-sluey (npm)
Source: amazon-inspector e829c567f6c4926e2db856ac3d0eb1e291d4d33a90be8a237ab2834160d87f32. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2024-47778
Malicious code in bioql (PyPI)...
CVE-2023-0627 Docker Desktop 4.11.x allows --no-windows-containers flag bypass
Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE). This issue affects Docker Desktop: 4.11.X...
ASB-A-265015796
In checkKeyIntentParceledCorrectly of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution...