Malicious code in tronlabpy3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 71fd394fee5be8e6fe09e8fff0c645dfc2bd164506a85c077d76642c9ec86ba6 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

Malicious code in fia-signals (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b61c6fe7ba81fd99de703bc1c00e0a93b2809363abfbf12b79fd9905830f2b54 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

ROOT-APP-PYPI-CVE-2026-41182 CVE-2026-41182 in rootio-langsmith - Patched by Root

Root has patched CVE-2026-41182 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...

MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting

paintballrefjosh/MaNGOSWebV4 4.0.8 contains a reflected XSS caused by unsanitized input in install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser, exploit requires victim to visit a maliciously crafted URL id: CVE-2017-6478 info: name: MaNGOSWebV4...

OfficeWeb365 Indexs Interface - Arbitrary File Read

There is any file reading in the officeWeb365 Indexs interface. id: CVE-2024-37728 info: name: OfficeWeb365 Indexs Interface - Arbitrary File Read author: DhiyaneshDK severity: high description: | There is any file reading in the officeWeb365 Indexs interface. impact: | Unauthenticated attackers...

Vite dev server - Cross-Site Scripting

Vite's dev server, when used with appType: 'custom' and manually invoking server.transformIndexHtml using the unmodified request URL, is vulnerable to XSS via a crafted URL payload. If the HTML being served includes an inline module script ..., an attacker can inject a script via the URL,...

EUVD-2026-34057

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function issaferegexpattern of the component searchcodeadvanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...

CVE-2026-10692

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function issaferegexpattern of the component searchcodeadvanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...

CVE-2026-10694 SourceCodester Online Food Ordering System index.php include file inclusion

A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public and may be used...

CVE-2026-10694

A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public and may be used...

CVE-2026-10694

SourceCodester Online Food Ordering System 2.0 is affected in the index.php include handling. The vulnerability arises from manipulation of the page parameter, causing a file inclusion (remote exploit surface). The issue is exploitable remotely and the exploit is public, enabling an attacker to i...

PT-2026-45890

A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public and may be used...

CVE-2025-70101

lwext4 1.0.0 exposes an out-of-bounds read in ext4_ext_binsearch_idx (src/ext4_extent.c) that can trigger denial of service when processing a crafted ext4 image. The vulnerability stems from insufficient validation of extent header fields prior to performing a binary search over extent index entr...

EUVD-2025-210055

An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : rsync vulnerabilities (USN-8349-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8349-1 advisory. Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote...

CVE-2026-10692 johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function issaferegexpattern of the component searchcodeadvanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...

CVE-2026-10692

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function issaferegexpattern of the component searchcodeadvanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...

CVE-2026-10692 johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function issaferegexpattern of the component searchcodeadvanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...

CVE-2026-10692

The CVE-2026-10692 affects johnhuang316 code-index-mcp up to version 2.14.0, specifically the is_safe_regex_pattern function in the search_code_advanced component. Manipulating the regex argument can cause inefficient regex processing (potentially a denial-of-service), with remote attack potentia...

CVE-2026-10620

A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...