HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion

An Unauthenticated Path Traversal vulnerability exists in the /public/loaderphp file The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server. id: CVE-2024-34470 info: name: HSC...

CVE-2026-29963

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this...

CVE-2026-29962

HSC MailInspector v5.3.3-7 contains a Local File Inclusion LFI vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization,...

CVE-2026-29962

HSC MailInspector v5.3.3-7 contains a Local File Inclusion LFI vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization,...

HSC MailInspector 跨站脚本漏洞

HSC MailInspector is a mail security analysis and filtering system developed by the Brazilian company HSC. Version 5.3.3-7 of HSC MailInspector contains a cross-site scripting vulnerability. This vulnerability arises from the use of alternative or obfuscated JavaScript syntax in user inputs withi...

PT-2026-41707

HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting XSS vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaScript syntax. The endpoint reflects unsanitized user input in HTTP responses without adequate output...

CVE-2026-29964

HSC MailInspector v5.3.3-7 is affected by a Cross-Site Scripting (XSS) vulnerability in the /tap/tap.php endpoint. The issue arises from improper neutralization of user-controlled input, with alternate or obfuscated JavaScript syntax reflected back in HTTP responses without adequate output encodi...

HSC MailInspector 跨站脚本漏洞

HSC MailInspector is a mail security analysis and filtering system developed by the Brazilian company HSC. Version 5.3.3-7 of HSC MailInspector contains a cross-site scripting vulnerability. This vulnerability arises from the use of alternative or obfuscated JavaScript syntax in user-controlled...

CVE-2026-29962

HSC MailInspector v5.3.3-7 contains a Local File Inclusion LFI vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization,...

PT-2026-41706

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this...

CVE-2026-29965

HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting XSS in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscated JavaScript syntax...

CVE-2026-29962

The CVE-2026-29962 issue affects HSC MailInspector v5.3.3-7 and is an LFI vulnerability caused by improper validation of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes parameters that directly influence file access, enabling path traversal to read arbitrary files fro...

CVE-2026-29963

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this...

CVE-2024-34470

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read...

CVE-2024-34472

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an...

Malicious code in nvlore-hsc (npm)

The package nvlore-hsc was found to contain malicious code...

MAL-2025-27938 Malicious code in nvlore-hsc (npm)

The package nvlore-hsc was found to contain malicious code...

Malicious Package

Overview nvlore-hsc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate legitimate WhatsApp libraries, there is no connection between that organization and this package...

Malicious code in viryc-hsc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c7e65fbc4460da9aef8938e77b5ffc7aeb72d879e43d1062a2ebc211d39eed5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5528 Malicious code in viryc-hsc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c7e65fbc4460da9aef8938e77b5ffc7aeb72d879e43d1062a2ebc211d39eed5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...