321 matches found
EUVD-2026-40350
Vibe-Trading before 0.1.10 contains a DNS rebinding authentication bypass vulnerability that allows remote attackers to bypass bearer-token authentication by exploiting the server's trust of TCP peer addresses for loopback clients combined with missing Host header validation while binding to...
PT-2026-56266
Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.09.4 Description Webview-based pages communicate with the Rust backend via an internal localhost API. User scripts included through iframes in the editor can bypass protections to access this API. A malicious imported...
Malicious code in http-uploader-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936024fb65d6ab06a1f01fcd765b534812efb873f076e81303d87c0b141bba2b package.json declares "preinstall": "bun run index.js", which on npm install invokes Bun to run index.js. index.js detects the host OS and shells out...
CVE-2026-7439
AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation...
CVE-2026-33335
CVE-2026-33335 affects Vikunja Desktop (Electron wrapper). From version 0.21.0 up to before 2.2.0, the wrapper forwards URLs from window.open() directly to shell.openExternal() without validation or protocol allowlisting. This enables an attacker who can inject a link that triggers window.open (e...
MAL-2026-928 Malicious code in polyutil (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 31a0fc68eee0841a78740fd3e3748171612b871b58bf9f3e52b4fa35bed64774 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...
MAL-2026-927 Malicious code in polyclawd (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1f994af0e1b17c0d30e950a5aef9a45d8e34f6f59ab45fadddb05b340ed5cdad The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...
EUVD-2016-1474
Malware in sbrugna...
EUVD-2016-7664
Malware in sbrugna...
EUVD-2017-0692
Malware in sbrugna...
EUVD-2017-0768
Malware in sbrugna...
EUVD-2016-7627
Malware in sbrugna...
EUVD-2016-9257
Malware in sbrugna...
EUVD-2017-0690
Malware in sbrugna...
EUVD-2017-0952
Malware in sbrugna...
EUVD-2016-9322
Malware in sbrugna...
EUVD-2016-9308
Malware in sbrugna...
EUVD-2017-0870
Malware in sbrugna...
EUVD-2016-7673
Malware in sbrugna...
EUVD-2017-0886
Malware in sbrugna...