CVE-2025-66592

An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...

PT-2026-43283

Name of the Vulnerable Software and Affected Versions IBM Cloud Pak for Data System - Cyclops versions 11.3.0.2 through Interim Fix 002 Description IBM Cloud Pak for Data System uses default passwords from the manufacturing process during the installation process, which could allow an attacker to...

MAL-2026-4460 Malicious code in @trackking/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64d51e587bc0b6508fa3d38027f18d42d9ab4b6ccdb8dd2760543e8c52d6bb18 @trackking/[email protected] is an empty stub: index.js is module.exports = , package.json has no description, no author, ISC license, and a high-number...

CVE-2026-8827

The AddressRepository::getSqlQuery method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore poses no direct risk in a default installation. However, custom extensions that call...

CVE-2026-0249 GlobalProtect App: Certificate Validation Bypass Vulnerabilities

Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subn...

Malicious code in textwrap-formatter (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 18da24e92fd40457ad3df2af568c07d41b35f44e6e07e8fac3bf0eafba9c2154 During installation, obfuscated code exfiltrates cryptocurrency wallet data to a hardcoded location and places a backdoor through a new authorized SSH key...

apko 数据伪造问题漏洞

Apko is an open-source OCI image builder based on APK. Versions of Apko prior to 1.2.7 had a data manipulation vulnerability. This vulnerability stemmed from verifying the APKINDEX.tar.gz signature but failing to compare the downloaded.apk package with the checksum in the signature index. This...

External Control of File Name or Path

Overview apm-cli is a MCP configuration tool Affected versions of this package are vulnerable to External Control of File Name or Path through improper validation of manifest-controlled paths in the plugin.json file during the installation process. An attacker can cause arbitrary files or...

RockyLinux 9 : PackageKit (RLSA-2026:11504)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:11504 advisory. PackageKit: race condition vulnerability leads to arbitrary package installation as root CVE-2026-41651 Tenable has extracted the preceding description block...

CVE-2026-3219

CVE-2026-3219 : The issue affects the Python package installer, pip, which treats concatenated tar and ZIP archives as ZIP files regardless of the filename or whether a file is both a tar and a ZIP. The root cause is ambiguous archive identification that can lead to confusing installation behavio...

SUSE CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

Generation of Predictable Numbers or Identifiers

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers in the form of generation of identical HostGUID values during installation. An...

JLSEC-2026-25

It was found that some PostgreSQL extensions did not use searchpath safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affect...

Malicious code in mattermost-airflow (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 667be9d0c5eaea7acdf1c2593165304280ef7b67bfbf4d8c0f36065836fe834c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2142 Malicious code in roboat-util (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 869ea4b94181bc5ef23562a4d749b462fb7079112cca74072ee9036fb397921f During installation, a malicious executable is downloaded and run. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

EUVD-2025-48342

Malicious code in citra-lepet61-sukiwir npm...

CVE-2025-11761

Technical details about affected versions, root cause and fixes are not provided in the supplied documents. Monitor HP advisories for updates.

PT-2025-44767

Name of the Vulnerable Software and Affected Versions HP Client Management Script Library affected versions not specified Description A security issue has been reported in HP Client Management Script Library that could lead to privilege escalation during installation. The issue is being addressed...

HP Client Management Script Library 安全漏洞

HP Client Management Script Library is a library of Powershell automation management tools from Hewlett-Packard HP in the United States. A security vulnerability exists in HP Client Management Script Library that stems from improper privilege management during installation, which could result in...

EUVD-2011-4067

Malware in sbrugna...