119 matches found
Malicious code in @cloudplatform-single-spa/smk (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
CVE-2026-8672
Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0...
CVE-2026-8670
Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs aka Session Replay. This issue affects Avantra: before 25.3.1...
CVE-2026-8673
CVE-2026-8673 describes an unprotected transport of credentials in Avantra from syslink software AG on Linux and Windows, allowing sniffing of credentials. The affected line is Avantra before version 25.3.0. Documented impacts emphasize confidentiality and integrity risks, with CVSS v3.1 indicati...
CVE-2026-8672 Default credentials for internal DB
Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0...
Astra Linux - vulnerability in chromium
Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Arbitrary Command Injection
Overview: ssh-mcp is an MCP server exposing SSH control for Linux and Windows systems via Model Context Protocol. Affected versions of this package are vulnerable to Arbitrary Command Injection via the shell.write function. An attacker can execute arbitrary system commands by supplying crafted inpu...
Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to various attacks due to IBM Runtime Environment Java Technology Edition Version 17
Summary: IBM Java 17 is used by IBM Sterling Connect:Direct FTP+ on AIX, Linux, and Windows platforms in product configuration and data transmission. IBM Sterling Connect:Direct FTP+ on AIX, Linux, and Windows platforms is impacted by vulnerabilities in IBM Java 17. IBM Sterling Connect:Direct FTP...
Exploit for Race Condition in Canonical Ubuntu_Linux
Dillu-Analyzer 🛡️ Dillu Analyzer — A web-based universal malwa...
EUVD-2026-9944
Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...
CVE-2026-28718
Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...
CVE-2026-28715
Sensitive information disclosure due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...
CVE-2026-28726
Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...
CVE-2026-28710
Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...
CVE-2025-30416
Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 39938, Acronis Cyber Protect 15 Linux, Windows before build 41800...
EUVD-2022-55940
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these static credentials to gain unauthorized access to the device across Linux and Windows distributions...
CVE-2022-50696 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Hardcoded Credentials Authentication Bypass
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these static credentials to gain unauthorized access to the device across Linux and Windows distributions...