20 matches found

OSSF Malicious Packages · added yesterday · 3 views

Malicious code in internallib_v557 (npm)

Per source details. Source: amazon-inspector 5cfa498f80e5965de3c072803c8d6e812e75bc5a4fb031f739cbd9c181724be3. internallibv557 has no legitimate functionality — its single exported command function in index.js writes a malicious package.json to...

AI score 5.4 · Exploits 0 · References 1
OSV · added yesterday · 3 views

MAL-2026-5678 Malicious code in internallib_v557 (npm)

Per source details. Source: amazon-inspector 5cfa498f80e5965de3c072803c8d6e812e75bc5a4fb031f739cbd9c181724be3. internallibv557 has no legitimate functionality — its single exported command function in index.js writes a malicious package.json to...

AI score 5.4 · Exploits 0 · References 1
OSV · added 2026/04/10 7:26 p.m. · 2 views

GHSA-F2H6-7XFR-XM8W PraisonAI Vulnerable to Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits

Summary: The safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractall. An attacker can publish a malicious recipe bundl...

CVSS 6.5 · AI score 5.9 · EPSS 0.00054 · Exploits 1 · References 4
Github Security Blog · added 2026/04/10 7:26 p.m. · 5 views

PraisonAI Vulnerable to Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits

Summary: The safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractall. An attacker can publish a malicious recipe bundl...

CVSS 6.5 · AI score 5.9 · EPSS 0.00054 · Exploits 1 · References 4 · Affected software 1
NVD · added 2026/04/09 10:16 p.m. · 2 views

CVE-2026-40148

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractal...

CVSS 6.5 · EPSS 0.00054 · Exploits 1 · References 1
ATTACKERKB · added 2026/04/09 9:22 p.m. · 3 views

CVE-2026-40148

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractal...

CVSS 6.5 · AI score 5.9 · EPSS 0.00054 · Exploits 1 · References 2 · Affected software 1
Cvelist · added 2026/04/09 9:22 p.m. · 21 views

CVE-2026-40148 PraisonAI Affected by Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractal...

CVSS 6.5 · EPSS 0.00054 · Exploits 1 · References 1
Vulnrichment · added 2026/04/09 9:22 p.m. · 3 views

CVE-2026-40148 PraisonAI Affected by Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractal...

CVSS 6.5 · AI score 5.8 · EPSS 0.00054 · Exploits 1 · References 1
OSV · added 2026/04/06 11:09 p.m. · 4 views

GHSA-4RX4-4R3X-6534 PraisonAI recipe registry pull path traversal writes files outside the chosen output directory

Summary: PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../ traversal entries and any user who later pulls that...

CVSS 7.3 · AI score 6.1 · EPSS 0.00052 · Exploits 1 · References 4
Github Security Blog · added 2026/04/06 11:09 p.m. · 3 views

PraisonAI recipe registry pull path traversal writes files outside the chosen output directory

Summary: PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../ traversal entries and any user who later pulls that...

CVSS 7.3 · AI score 6.1 · EPSS 0.00052 · Exploits 1 · References 4 · Affected software 1
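The two PraisonAI advisories listed above (the GHSA-4RX4-4R3X-6534 path traversal and the CVE-2026-40148 / GHSA-F2H6-7XFR-XM8W decompression bomb) are the same mistake seen twice: tar.extractall is called on an archive a third party published, and the member headers are either not validated at all or validated only for path traversal. The Python below is an added example, not PraisonAI's safeextractall nor its fix. It walks every header before a single byte is written and rejects absolute or ../ names, names or link targets that resolve outside the destination, and device or FIFO entries, and it bounds per-member size, cumulative declared size and member count. The limit values, the helper names (check_members, safe_extract, rejection_reason, build_tar, demo) and the in-memory archives are assumptions constructed for this example.

```python
import io
import os
import tarfile
import tempfile

# Illustrative limits: assumptions for this example, not values taken from PraisonAI.
MAX_MEMBERS = 1000
MAX_MEMBER_BYTES = 10 * 1024 * 1024   # 10 MiB per entry
MAX_TOTAL_BYTES = 50 * 1024 * 1024    # 50 MiB declared total

class UnsafeArchive(ValueError):
    """Raised when an archive member fails a path or size check."""

def _is_within(base, target):
    base, target = os.path.realpath(base), os.path.realpath(target)
    return os.path.commonpath([base, target]) == base

def check_members(tar, dest, max_members=MAX_MEMBERS,
                  max_member_bytes=MAX_MEMBER_BYTES, max_total_bytes=MAX_TOTAL_BYTES):
    """Validate every header before any data is written. Returns the declared total size."""
    total = 0
    for count, m in enumerate(tar, start=1):       # iterating reads headers, not member data
        if count > max_members:
            raise UnsafeArchive(f"too many members (> {max_members})")
        # Path traversal: absolute names, '..' components, or a name resolving outside dest.
        if os.path.isabs(m.name) or ".." in m.name.split("/"):
            raise UnsafeArchive(f"traversal entry: {m.name!r}")
        if not _is_within(dest, os.path.join(dest, m.name)):
            raise UnsafeArchive(f"entry escapes destination: {m.name!r}")
        # A link pointing outside dest turns a later write through it into an out-of-tree write.
        # Symlink targets are relative to the link's directory; hard-link targets to the root.
        if m.issym() or m.islnk():
            rel = os.path.dirname(m.name) if m.issym() else ""
            target = os.path.join(dest, rel, m.linkname)
            if os.path.isabs(m.linkname) or not _is_within(dest, target):
                raise UnsafeArchive(f"link escapes destination: {m.name!r} -> {m.linkname!r}")
        if m.isdev() or m.isfifo():
            raise UnsafeArchive(f"special file: {m.name!r}")
        # Decompression bomb: tar headers carry the uncompressed size of each member,
        # so per-member and cumulative bounds can be enforced before extraction.
        if m.size > max_member_bytes:
            raise UnsafeArchive(f"member too large: {m.name!r} ({m.size} bytes)")
        total += m.size
        if total > max_total_bytes:
            raise UnsafeArchive(f"cumulative size exceeds {max_total_bytes} bytes")
    return total

def safe_extract(data, dest, **limits):
    """Extract only after every member passed check_members. Returns the declared total size."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        total = check_members(tar, dest, **limits)
        if hasattr(tarfile, "data_filter"):   # Python 3.12+ and backports: second line of defence
            tar.extractall(dest, filter="data")
        else:
            tar.extractall(dest)
    return total

def rejection_reason(data, dest, **limits):
    """Return why an archive would be rejected, or None if it passes; never extracts anything."""
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            check_members(tar, dest, **limits)
    except UnsafeArchive as exc:
        return str(exc)
    return None

def build_tar(entries):
    """Build an in-memory tar from (name, payload) or (name, None, linkname) tuples.
    Constructed test data for this example, not a real .praison bundle."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for entry in entries:
            info = tarfile.TarInfo(entry[0])
            if entry[1] is None:
                info.type, info.linkname = tarfile.SYMTYPE, entry[2]
                tar.addfile(info)
            else:
                info.size = len(entry[1])
                tar.addfile(info, io.BytesIO(entry[1]))
    return buf.getvalue()

def demo():
    """Run the checks over constructed archives and return the outcome of each."""
    dest = tempfile.mkdtemp(prefix="recipe-")
    good = build_tar([("recipe/agents.yaml", b"name: demo\n")])
    traversal = build_tar([("../../.bashrc", b"evil\n")])
    escape_link = build_tar([("out", None, "../../"), ("out/x", b"pwned\n")])
    bomb = build_tar([(f"pad{i}", b"\0" * 512) for i in range(8)])
    return {
        "good_bytes": safe_extract(good, dest),
        "good_exists": os.path.isfile(os.path.join(dest, "recipe", "agents.yaml")),
        "traversal": rejection_reason(traversal, dest),
        "escape_link": rejection_reason(escape_link, dest),
        "per_member": rejection_reason(bomb, dest, max_member_bytes=256),
        "cumulative": rejection_reason(bomb, dest, max_total_bytes=2048),
        "count": rejection_reason(bomb, dest, max_members=4),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The header walk is what makes the size checks cheap: a tar header states the member's uncompressed length, so an archive whose members add up to gigabytes is rejected after reading a few hundred bytes of headers. A gzipped bundle does not change that, but the walk still pulls the stream through the decompressor; if the compressed stream itself is untrusted, wrap the file object in a byte counter before handing it to tarfile.open. The ".." test on raw name components is deliberately stricter than the realpath check so that a/../b style entries are refused too, since a legitimate recipe bundle has no reason to contain them.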
EUVD · added 2025/11/12 4:29 a.m. · 1 view

EUVD-2025-111620

Malicious code in local-registry-vega-prettier-plugin-markdown npm...

AI score 6.6 · Exploits 0
EUVD · added 2025/10/07 12:30 a.m. · 4 views

EUVD-2019-8752

Malware in sbrugna...

CVSS 5.5 · AI score 5.6 · EPSS 0.00127 · Exploits 0 · References 5
OSV · added 2025/07/28 4:15 p.m. · 2 views

CVE-2025-2297

Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to...

CVSS 7.8 · AI score 6 · Exploits 0 · References 1
RedhatCVE · added 2025/05/22 10:09 a.m. · 5 views

CVE-2019-19119

An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials...

CVSS 5.5 · AI score 6.7 · EPSS 0.00127 · Exploits 0 · References 1
OSV · added 2022/01/03 10:15 a.m. · 1 view

CVE-2021-45917

The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch a server-side request forgery (SSRF) attack on another agent computer,...

CVSS 9 · AI score 6.2 · EPSS 0.00062 · Exploits 0 · References 1
CNNVD · added 2022/01/03 12:00 a.m. · 2 views

Shockwall system authorization problem vulnerability

Sun & Moon Rise Shockwall System is a computer endpoint protection system from Sun & Moon Rise, a Chinese company. A server-side request forgery (SSRF) attack can be launched against another agent computer using local registry information, resulting in the execution of arbitrary code to control the...

CVSS 9 · AI score 6 · EPSS 0.00062 · Exploits 0 · References 1
ATTACKERKB · added 2021/12/30 8:40 a.m. · 2 views

CVE-2021-45917

The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch a server-side request forgery (SSRF) attack on another agent computer,...

CVSS 9 · AI score 6.1 · EPSS 0.00062 · Exploits 0 · References 2
OSV · added 2020/09/18 6:15 p.m. · 2 views

CVE-2020-7945

Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1...

CVSS 5.5 · AI score 6.1 · EPSS 0.00051 · Exploits 0 · References 1
OSV · added 2020/02/03 3:15 p.m. · 2 views

CVE-2019-19119

An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials...

CVSS 5.5 · AI score 6.1 · EPSS 0.00127 · Exploits 0 · References 4
Positive Technologies · added 2013/04/24 12:00 a.m. · 2 views

PT-2013-2419 · IBM · IBM WebSphere Application Server

Name of the vulnerable software and affected versions: IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47; 7.0 before 7.0.0.29; 8.0 before 8.0.0.6; versions...

CVSS 6.8 · AI score 9.4 · EPSS 0.00292 · Exploits 0 · References 5