MiracleLinux 9 : firefox-128.14.0-2.el9_6.ML.1 (AXSA:2025-10784:29)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10784:29 advisory. firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component CVE-2025-9182 thunderbird: firefox: Sandbox escap...

CasaOS Detection (HTTP)

HTTP based detection of CasaOS. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.156132";...

Node.js 20.x < 20.20.0 / 22.x < 22.22.0 / 24.x < 24.13.0 / 24.x < 24.13.0 / 25.x < 25.3.0 Multiple Vulnerabilities (Tuesday, January 13, 2026 Security Releases).

"The version of Node.js installed on the remote host is prior to 20.20.0, 22.22.0, 24.13.0, 24.13.0, 25.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the Tuesday, January 13, 2026 Security Releases advisory. - A flaw in Node.js's permission model allows a file's...

CVE-2026-22804

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting XSS vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. Thi...

CVE-2026-22813

OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify or even a CSP on the web interface to prevent JavaScript execution via HTML injection. This means controlling the LLM response...

CVE-2026-22804 Termix has a Stored XSS in File Manager leading to Local File Inclusion (LFI) in Electron and Session Hijacking in Browser

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting XSS vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. Thi...

CVE-2025-46067

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

CVE-2025-46067

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

Directory Traversal

Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Directory Traversal via the PUT handler in the file upload API, which directly joins user-supplied input into a filesystem path without proper...

SUSE-SU-2026:20031-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Changes in MozillaFirefox: Firefox Extended Support Release 140.6.0 ESR was released: Fixed: Various security fixes. MFSA 2025-94 bsc1254551: CVE-2025-14321: Use-after-free in the WebRTC: Signaling component CVE-2025-14322: Sandbox escape...

Stored Cross-Site Scripting (XSS)

n8n is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sandbox enforcement when the “Respond to Webhook” node returns HTML content with executable scripts, which allows an attacker with workflow creation privileges to execute arbitrary JavaScript in the context...

Open Redirect

React Router is vulnerable to Open Redirect. The vulnerability is due to unsafe handling of SPA navigation redirects generated from loaders or actions in certain modes, which allows an attacker to inject untrusted redirect URLs and trigger unintended JavaScript execution on the client...

EUVD-2026-1973

Malicious code in inquirer-js npm...

EUVD-2026-1969

Malicious code in immer-js npm...

EUVD-2026-1978

Malicious code in milvus-js npm...

EUVD-2026-1979

Malicious code in huggingface-js npm...

MAL-2026-222 Malicious code in huggingface-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ddd4d756fe7df1a0ac3caf862d744269bc2e1c1b49d8a4e12c702ded81b75dbf The package huggingface-js was found to contain malicious code. Source: ghsa-malware 9240da3d6ad3248bf99f72ea626c3562d3614a363647cad28a5468f16e73b885...

EUVD-2026-1929

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

CVE-2025-46067

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

CVE-2025-46067

CVE-2025-46067 affects Automai Director v25.2.0. The issue allows a remote attacker to escalate privileges and access sensitive information via a specially crafted JavaScript file. Evidence from multiple sources confirms the affected product/version and the nature of the impact, described as priv...