20 matches found
Malicious code in internallib_v557 (npm)
Source: amazon-inspector 275af9596caf2b68994ca8282da7e127f8a4478e07888dbae73826328b4e41f2 index.js implements a multi-step attack against an internal npm registry. On invocation of the exported command, it: 1 creates a Verdaccio user...
MAL-2026-5678 Malicious code in internallib_v557 (npm)
Source: amazon-inspector 275af9596caf2b68994ca8282da7e127f8a4478e07888dbae73826328b4e41f2 index.js implements a multi-step attack against an internal npm registry. On invocation of the exported command, it: 1 creates a Verdaccio user...
GHSA-F2H6-7XFR-XM8W PraisonAI Vulnerable to Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits
Summary: The safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractall. An attacker can publish a malicious recipe bundl...
PraisonAI Vulnerable to Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits
Summary: The safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractall. An attacker can publish a malicious recipe bundl...
CVE-2026-40148
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractal...
CVE-2026-40148 PraisonAI Affected by Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractal...
CVE-2026-40148 PraisonAI Affected by Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractal...
CVE-2026-40148
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractal...
GHSA-4RX4-4R3X-6534 PraisonAI recipe registry pull path traversal writes files outside the chosen output directory
Summary: PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../ traversal entries and any user who later pulls that...
PraisonAI recipe registry pull path traversal writes files outside the chosen output directory
Summary: PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../ traversal entries and any user who later pulls that...
EUVD-2025-111620
Malicious code in local-registry-vega-prettier-plugin-markdown npm...
EUVD-2019-8752
Malware in sbrugna...
CVE-2025-2297
Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to...
CVE-2019-19119
An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials...
CVE-2021-45917
The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch a server-side request forgery (SSRF) attack on another agent computer,...
Shockwall system authorization issue vulnerability
Sun & Moon Rise Shockwall System is a computer endpoint protection system from Sun & Moon Rise, a Chinese company. A server-side request forgery (SSRF) attack can be launched against another proxy computer using local registry information, resulting in the execution of arbitrary code to control the...
CVE-2021-45917
The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch a server-side request forgery (SSRF) attack on another agent computer,...
CVE-2020-7945
Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1...
CVE-2019-19119
An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials...
PT-2013-2419 · IBM · IBM WebSphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server (WAS) versions 6.1 before 6.1.0.47; IBM WebSphere Application Server (WAS) versions 7.0 before 7.0.0.29; IBM WebSphere Application Server (WAS) versions 8.0 before 8.0.0.6; IBM WebSphere Application Server (WAS) versions...