92 matches found
CVE-2026-35089
In Slican telephone exchanges, the secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...
CVE-2026-35089 Use of Weak Credentials in Slican telephone exchanges
In Slican telephone exchanges, the secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...
CVE-2026-35089
Slican telephone exchanges expose admin credentials because the secure key is generated predictably from exchange properties without authentication. CVE-2026-35089 (and CVE-2026-35087) describe an unauthenticated path to deduce the secure key and gain admin access. Remediations (per affected entr...
Security vulnerability in multiple Slican products
Slican IPx, among others, are products of the Polish company Slican. Slican IPx is a series of enterprise communication and IP phone switching systems. Slican CCT is also a series of enterprise communication and IP phone switching systems. Slican MAC is a series of enterprise-level telephone...
Security vulnerability in multiple Slican products
Slican NCP are products of the Polish company Slican. Slican NCP is an IP communication server. Slican IPx is a series of enterprise communication and IP phone switching systems. Slican CCT is also a series of enterprise communication and IP phone switching systems. Several Slican products have...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000601)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000601 advisory. The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has be...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001884)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001884 advisory. The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has be...
EUVD-2002-0772
Malware in sbrugna...
EUVD-2022-51894
Malicious code in bioql PyPI...
CVE-2025-54387
IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path...
Linux Distros Unpatched Vulnerability : CVE-2017-7487
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of servic...
netlify (=22.3.0), netlify-cli (>=22.2.2-pre.dd189fc <=22.3.0-pre.81558e5) potentially affected by CVE-2025-54387 via ipx (=3.0.3)
ipx NPM version =3.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on ipx and may be impacted: - netlify =22.3.0 - netlify-cli =22.2.2-pre.dd189fc, =22.3.0-pre.81558e5 Source cves: CVE-2025-54387 Source advisory: SNYK:JS-IPX-11483961...
@cssninja/nuxt-media-viewer (>=0.0.1 <=0.0.15), @enab/uipkg (>=0.0.2-beta.0 <=0.0.2-beta.23) +4 more potentially affected by CVE-2025-54387 via ipx (>=1.0.0-2 <=1.1.0)
ipx NPM version =1.0.0-2, =0.0.1, =0.0.2-beta.0, =0.1.0, =1.0.0-27821548.ab054e4, =0.0.3, =0.0.4-beta-6 Source cves: CVE-2025-54387 Source advisory: SNYK:JS-IPX-11483961...
Directory Traversal
Overview: ipx is a high performance, secure and easy-to-use image optimizer. Affected versions of this package are vulnerable to Directory Traversal via the ipxFSStorage function in the storage/node-fs.ts file, which checks whether a path is within allowed directories. An attacker can access files...
@mastra/deployer-netlify (>=0.0.0-a2a-20250421213654 <=0.10.5), @rr0/cms (>=0.3.23 <=0.3.29) +14 more potentially affected by CVE-2025-54387 via ipx (>=2.0.1 <=2.1.0)
ipx NPM version =2.0.1, =0.0.0-a2a-20250421213654, =0.3.23, =1.1.6, =4.0.0, =2.0.3, =0.0.23, =1.0.0, =1.0.2, =21.5.0, =17.4.0, =0.0.7, =0.0.13 - tmp-package-registry =1.0.0 and more Source cves: CVE-2025-54387 Source advisory: SNYK:JS-IPX-11483961...
CVE-2025-54387
IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path...
CVE-2025-54387 IPX is Vulnerable to Path Traversal via Prefix Matching Bypass
IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path...
CVE-2025-54387 IPX is Vulnerable to Path Traversal via Prefix Matching Bypass
IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path...
CVE-2025-54387
IPX is an image optimizer (UnJS) vulnerable to a path-prefix bypass in its directory-check logic. Affected versions: 1.3.1 and earlier; 2.0.0-0 to 2.1.0; 3.0.0 to 3.1.0. The vulnerability allows bypassing allowed-directory checks via raw prefix comparison, potentially enabling access to files out...
@brandboostinggmbh/image (=0.6.2), @cssninja/nuxt-media-viewer (>=0.0.1 <=0.0.15) +46 more potentially affected by CVE-2025-54387 via ipx (>=0.3.2 <=1.1.0)
ipx NPM version =0.3.2, =0.0.1, =1.0.0, =1.0.0-27100507.943fa27, =1.0.3, =1.0.3-27133259.82aaae0, =0.0.2-beta.0, =0.2.0, =14.9.23-prev, =0.6.3, =0.6.2, =1.0.0-beta.2, =1.0.0-beta.2, =1.0.18, =1.0.0-beta.4, =1.0.0-beta.12 and more Source cves: CVE-2025-54387 Source advisory: OSV:GHSA-MM3P-J368-7JC...