Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

MAL-2026-4547 Malicious code in cxpher-linux-arm32 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd6c14d2899b638880b25bf1c35973ed1c9cf6fcb99331447e3da7c2478124c7 The package's main is an ARM ELF binary that, when loaded, mkdtemp's a working directory under /dev/shm/.cxpher.XXXXXX or /tmp/.cxpher.XXXXXX, writes...

Astra Linux – Vulnerability in Firefox

tags that referenced a document from the same origin could have allowed script execution if the attacker’s input was sanitized using the HTML Sanitizer API. This would require the attacker to reference a JavaScript file from the same origin that contained the script to be executed. This...

The Ultimate Mathematical & AI Toolkit 路径遍历漏洞

The Ultimate Mathematical & AI Toolkit is a mathematical and AI toolkit developed by rUv. It supports sub-linear algorithms and consciousness exploration. Version 1.5.0 of the Ultimate Mathematical & AI Toolkit contains a path traversal vulnerability. This vulnerability stems from the exportstate...

MCP Data Visualization & Experimentation Platform SQL注入漏洞

MCP Data Visualization & Experimentation Platform is a large model context protocol developed by alejandro and his team. The MCP Data Visualization & Experimentation Platform has a SQL injection vulnerability. This vulnerability stems from an SQL injection vulnerability in the Request function...

EUVD-2026-11403

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit h...

PT-2026-24859

A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in os command injection. The attack needs to be approached locally. The explo...

UBUNTU-CVE-2026-25500

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the javascript: scheme e.g. javascript:alert1, the...

CVE-2025-61651

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js. This issue affects CheckUser: from...

CVE-2025-46067

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

CVE-2025-46067

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

CVE-2025-46067

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

CVE-2025-46067

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

Automai Director 安全漏洞

Automai Director is a centralized automation management console from Automai Corporation. A security vulnerability exists in Automai Director version 25.2.0, which can be exploited by a remote attacker to elevate privileges and gain access to sensitive information via a specially crafted js file...

PT-2026-2274

Name of the Vulnerable Software and Affected Versions Automai Director version 25.2.0 Description An issue in Automai Director version 25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information through a crafted js file. Recommendations At the moment, there is no...

CVE-2025-46067

CVE-2025-46067 affects Automai Director v25.2.0. The issue allows a remote attacker to escalate privileges and access sensitive information via a specially crafted JavaScript file. Evidence from multiple sources confirms the affected product/version and the nature of the impact, described as priv...

EUVD-2026-1929

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

Syslifters Sysreptor 跨站脚本漏洞

Syslifters Sysreptor is a penetration test reporting platform from Syslifters, Inc. A cross-site scripting vulnerability exists in Syslifters Sysreptor versions prior to 2025.102, which originates from an authenticated user being able to perform a stored cross-site scripting attack by uploading a...

CVE-2025-12682 Easy Upload Files During Checkout <= 2.9.8 - Unauthenticated Arbitrary JavaScript File Upload

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'fileduringcheckout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload...

EUVD-2020-1423

Malware in sbrugna...