1030 matches found
Malicious code in couplus-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0c78a6293dc26a858801e92b94142c0fb6ab09c558b39900095be8a8aef9a52 The package couplus-cli was found to contain malicious code. Source: ghsa-malware 469c68fc4282e268dbe121670070e4a148ec18adaad72317ca06de47eed59217 An...
Malicious code in rollup-plugin-polyfill-build (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66951e7a327d1fc859d6225c197895d0366cbe1dcb33f3fcf4879b223211a76a The package rollup-plugin-polyfill-build was found to contain malicious code. Source: ghsa-malware...
Malicious code in @dotprompt/promptly-darwin-arm64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 120d702f1e340ffdca19411824d16c6b6f381c53e0cb3e123982aaba2d013458 The package @dotprompt/promptly-darwin-arm64 was found to contain malicious code. Source: ghsa-malware...
ROS-20260319-73-0024
A vulnerability in the Core component of the Oracle VM VirtualBox virtual machine is related to access differentiation flaws. Exploitation of the vulnerability could allow an attacker to gain full control over the system...
ROS-20260319-73-0025
A vulnerability in the Core component of the Oracle VM VirtualBox virtual machine is related to access differentiation flaws. Exploitation of the vulnerability could allow an attacker to gain full control over the system...
CVE-2026-32297
The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...
CVE-2026-32297
The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...
CVE-2026-32297 Angeet ES3 KVM unauthenticated arbitrary file write
The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...
MAL-2026-1450 Malicious code in @myisrfn/baileys-mod (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc229f53299b669d5c48d802a9d0a7766546ae0908e4b83ed04c51d34c97e482 The package @myisrfn/baileys-mod was found to contain malicious code. Source: ghsa-malware...
Malicious code in transform-modules-systemjs (npm)
The package 'transform-modules-systemjs' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in transform-dev-warning (npm)
The package 'transform-dev-warning' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in svg-safety-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 423523b3df147eccef394a43e71101674f003918fb09ae7121dac4c4ac474eff The package svg-safety-tool was found to contain malicious code. Source: ghsa-malware f31f6cc0f000af3b9a7f76332b14e7d9c33b2d0f80056695850c21490d0e41c...
CVE-2026-25573
A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The affected application builds shell commands with caller-provided strings and executes them. An attacker could influence the executed command, potentially resulting in command injection and full system compromise...
Siemens SICAM SIAPP SDK 安全漏洞
Siemens SICAM SIAPP SDK is a software development kit from Siemens, Germany. The Siemens SICAM SIAPP SDK suffers from a command execution vulnerability that can be exploited by attackers to cause command injection and full system cracking...
Malicious code in json-merge-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f16e8d9c37feb30d5a44f7a94620c3a09d182a34cd5ccc1e7c97aaf4a991ab10 The package json-merge-tool was found to contain malicious code. Source: ghsa-malware 4bb041118bdac1123bd722a9b1f99ddb6ca406f7ce80d5de344b2c36614b89e...
CVE-2025-41758 Arbitrary Write with wwwupload.cgi
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...
CVE-2025-41758
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...
PT-2026-24031
Name of the Vulnerable Software and Affected Versions UBR affected versions not specified Description A local attacker with limited privileges who gains access to the UBR service account, for example through SSH, can escalate their privileges to achieve full system access. This is possible becaus...
Malicious code in @wgu-edu/wgu-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1492a1bd49042802301333ea517f4b8406c91e845c6189c43be215cb9832edf The package @wgu-edu/wgu-core was found to contain malicious code. Source: ghsa-malware...
CVE-2026-27944
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...