46 matches found

OSV
added 2026/05/20 2:6 a.m., 7 views

MAL-2026-4528 Malicious code in cloud-pc-templates (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 044178c5b07f16ba0681f534724c7bcac3c8f39832484c7a3ac51d43a69cd803 The ai login CLI subcommands loginMode huggingface, ollamacloud, ollamalocal each download a proxy script from a mutable refs/heads/main branch of a...

5.9 AI score
Exploits: 0, References: 1

OSV
added 2026/05/08 5:6 p.m., 7 views

GHSA-95C3-6VVW-4MRQ MCP Registry's GitHub OIDC tokens are replayable across registry deployments due to shared audience

SECURITY registry001 Vulnerability Report While analyzing the code logic, an area that may lead to unintended behavior under specific conditions was discovered. Overview - Verified Version: c5c4b9e8890dd5754bee889b2f1417f4fe3b5ce5 - Vulnerability Type: Authentication bypass via cross-registry OID...

4.7 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits: 0, References: 6

Vulnrichment
added 2026/04/15 11:15 p.m., 0 views

CVE-2026-40193 Maddy Mail Server: LDAP Filter Injection via Unsanitized Username

maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll without any LDAP filter escaping, despite the...

8.2 CVSS, 5.9 AI score, 0.00056 EPSS
Exploits: 1, References: 3

GithubExploit
added 2026/03/18 7:58 p.m., 150 views

Exploit for Argument Injection in Gnu Inetutils

CVE-2026-24061 - telnetd auth bypass. What this is about: argument...

10 CVSS, 7.2 AI score, 0.91526 EPSS
Exploits: 59

OSV
added 2026/03/10 11:1 a.m., 0 views

SUSE-SU-2026:0857-1 Security update for util-linux

This update for util-linux fixes the following issues: - CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' bsc1258859...

5.3 CVSS, 5.8 AI score, 0.00087 EPSS
Exploits: 0, References: 3

OSV
added 2026/03/04 12:57 p.m., 3 views

SUSE-SU-2026:0803-1 Security update for util-linux

This update for util-linux fixes the following issues: - CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' bsc1258859...

5.3 CVSS, 5.9 AI score, 0.00087 EPSS
Exploits: 0, References: 3

OSV
added 2026/02/02 9:5 p.m., 3 views

GO-2026-4393 Rancher CLI skips TLS verification on Rancher CLI login command in github.com/rancher/rancher

Rancher CLI skips TLS verification on Rancher CLI login command in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

8.3 CVSS, 5.5 AI score, 0.0001 EPSS
Exploits: 0, References: 3

Github Security Blog
added 2026/02/01 5:58 p.m., 6 views

Rancher CLI skips TLS verification on Rancher CLI login command

Impact: A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the --cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting...

8.3 CVSS, 5.8 AI score, 0.0001 EPSS
Exploits: 0, References: 6, Affected Software: 1

RedhatCVE
added 2026/01/09 12:45 p.m., 4 views

CVE-2005-1015

Buffer overflow in MailEnable Imapd MEIMAP.exe allows remote attackers to execute arbitrary code via a long LOGIN command...

10 CVSS, 8.2 AI score, 0.01803 EPSS
Exploits: 2, References: 1

RedhatCVE
added 2026/01/07 9:40 a.m., 4 views

CVE-1999-0028

root privileges via buffer overflow in login/scheme command on SGI IRIX systems...

7.2 CVSS, 7.6 AI score, 0.00075 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2005-1018

Malware in sbrugna...

10 CVSS, 6.3 AI score, 0.01803 EPSS
Exploits: 2, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2006-1162

Malware in sbrugna...

7.8 CVSS, 6.4 AI score, 0.01723 EPSS
Exploits: 0, References: 9

EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2022-5093

Malicious code in bioql PyPI...

8.8 CVSS, 8.6 AI score, 0.00352 EPSS
Exploits: 1, References: 7

SUSE CVE
added 2023/02/15 6:20 a.m., 1 views

SUSE CVE-2004-1011

Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015...

10 CVSS, 8.5 AI score, 0.16617 EPSS
Exploits: 0, References: 5

OSV
added 2022/05/14 3:44 a.m., 1 views

GHSA-R57F-7XW3-Q2R9 Improper Authentication in Jenkins

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to...

8.8 CVSS, 5.9 AI score, 0.00352 EPSS
Exploits: 1, References: 5

NVD
added 2022/03/22 9:15 p.m., 13 views

CVE-2022-26189

TOTOLINK N600R V4.3.0cu.7570B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface...

9.8 CVSS, 0.0195 EPSS
Exploits: 1, References: 1

Metasploit
added 2018/08/23 7:23 p.m., 257 views

Unix Command Shell, Bind TCP (via BusyBox telnetd)

Listen for a connection and spawn a command shell via BusyBox telnetd. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 26 include Msf::Payload::Single include...

0.7 AI score
Exploits: 0

UbuntuCve
added 2018/01/29 5:29 p.m., 24 views

CVE-2017-1000354

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to...

8.8 CVSS, 7.2 AI score, 0.00352 EPSS
Exploits: 1, References: 1

Prion
added 2018/01/29 5:29 p.m., 13 views

Design/Logic Flaw

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to...

6.5 CVSS, 8.4 AI score, 0.00352 EPSS
Exploits: 1, References: 2, Affected Software: 1

RedhatCVE
added 2017/05/03 8:54 a.m., 20 views

CVE-2017-1000354

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to...

8.8 CVSS, 3 AI score, 0.00352 EPSS
Exploits: 1, References: 2