21 matches found
CVE-2026-2587
A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language (EL) “expressions” are processed...
Malicious code in @openwebconcept/theme-owc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba9da7f58491c9c4715c34da32da8f4a9d1519075412a9be534d19e6e07466e2 The package @openwebconcept/theme-owc was found to contain malicious code. Source: ghsa-malware...
Malicious code in kinggupong (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e715c2381b97a44dc664b3fbb1faf1977b339bc9cc51ad7722b09e24caa2f63 The package kinggupong was found to contain malicious code. Source: ghsa-malware 47fb80c46fcfaba8da9b01d5f99700a8a98a138ce3936b2ed9393db423d5b718 Any...
Malicious code in @skyzopedia/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d2851df7c45fca156556e4b7c5fef4c60ed254a43c4e6e51c6e02d8b5ca5a20 The package @skyzopedia/libsignal-node was found to contain malicious code. Source: ghsa-malware...
CVE-2026-23572
Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior to version 15.74.5 allows an authenticated user to bypass additional access controls with “Allow after confirmation” configuration in a remote session. An exploit could result in unauthorized access prior to...
Malicious code in @sme-ui/aoma-vevasound-metadata-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ced8f74d8984f217db135b6a331c5aeee6463823f29d90c9e15fa6473aa8fd3 The package @sme-ui/aoma-vevasound-metadata-lib was found to contain malicious code. Source: ghsa-malware...
Malicious code in bael-god-thanks (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fb105ca33158c030cf28b649844c05d95a90e00aae8866710025a5ea6ed43a0 The package bael-god-thanks was found to contain malicious code. Source: ghsa-malware 1ada7d14f26d17acaa1f5bc8625c26c9dab2ad3018eeff170305cdd60e45247...
Malicious code in @js-to-lua/lua-conversion-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91ebd24fd672684df83e5fcae05558a53e1c39f90617cac87401a555dda40811 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-52353
An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the server executes the PHP payload,...
CVE-2025-52353
CVE-2025-52353 affects Badaso CMS 2.9.11 where the Media Manager file-upload endpoint bypasses content-type validation, allowing authenticated users to upload files containing embedded PHP code. When such a file is accessed via its URL, the server executes the PHP payload, enabling arbitrary syst...
Malicious code in volehai-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 695b1f1647ff88855017c178d47ab04527b14c3817e9b4ed343c1220cc7b18df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-30206 Dpanel's hard-coded JWT secret leads to remote code execution
Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers ...
Malicious code in huma-contracts-v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ffcd8e55c63708841725749619d1aa01ac52fa1345eab2c6dc53f3b9f2615581 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in uzx-internal (npm)
This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c7250eab0a6f8a7fb2b339d8b38fdfeacce4a669afd92b62c4f271d460973faf Any computer that has this package install...
Malicious code in widgets-mainappointments (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a05c4f3cc4d5297de929275823c2b67fd6bb6f8988f85acc300b9e4b342219b4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2023-14233 · Aruba · Aruba Edgeconnect Enterprise Orchestrator
Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise Orchestrator versions 9.2.1.40179 and below Aruba EdgeConnect Enterprise Orchestrator versions 9.1.4.40436 and below Aruba EdgeConnect Enterprise Orchestrator versions 9.0.7.40110 and below Aruba EdgeConnect...
Malicious code in b4lesised (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 34586c1b4ad5c07b6f2004823829d7b85910b58345073b9867fcc4a63624a72e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in require-jq (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7305f50f59db220bfc80a952ab5be573b7d70d3889f37f817d3ef9af46c3c66 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Portainer Access Control Error Vulnerability (CNVD-2019-40490)
Portainer is an open source lightweight management UI that allows you to easily manage docker hosts or clusters. An access control error vulnerability exists in the Stack creation feature in Portainer versions prior to 1.22.1. An attacker can exploit this vulnerability to gain full privileges to...