Lucene search

8 matches found

Cvelist
added 2025/08/25 7:5 a.m. | 10 views

CVE-2025-9118 Dataform Path Traversal

A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file...

CVSS 10 | EPSS 0.00625
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in @zalastax/nolb-lion-lib-t (npm)

The package @zalastax/nolb-lion-lib-t was found to contain malicious code...

AI score 7
Exploits: 0

CNNVD
added 2023/09/20 12:0 a.m. | 3 views

CoreCode MacUpdater Code Issue Vulnerability

CoreCode MacUpdater is a program from CoreCode that scans your Mac and shows you which of your installed applications are not up-to-date. A security vulnerability exists in CoreCode MacUpdater versions prior to 2.3.8 and versions 3.x through 3.1.2. An attacker exploited the vulnerability to eleva...

CVSS 7.8 | AI score 6.7 | EPSS 0.00222
Exploits: 0 | References: 4

Prion
added 2022/04/20 4:15 p.m. | 20 views

Code injection

Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment...

CVSS 6.8 | AI score 8.2 | EPSS 0.0031
Exploits: 0 | References: 1

CVE
added 2022/04/20 3:30 p.m. | 76 views

CVE-2022-26516

CVE-2022-26516 affects Red Lion DA50N gateways. The weakness is Insufficient Verification of Data Authenticity (web UI update process), allowing an authorized user to install a maliciously modified package file if it’s sourced from unauthorized or compromised files between download and deployment...

CVSS 8.4 | AI score 7.8 | EPSS 0.0031
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2022/04/20 3:30 p.m. | 7 views

CVE-2022-26516 ICSA-22-104-03 Red Lion DA50N

Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment...

CVSS 8.4 | AI score 8.4 | EPSS 0.0031
Exploits: 0 | References: 1

Cvelist
added 2022/04/20 3:30 p.m. | 19 views

CVE-2022-26516 ICSA-22-104-03 Red Lion DA50N

Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment...

CVSS 8.4 | AI score 8.5 | EPSS 0.0031
Exploits: 0 | References: 1

Prion
added 2020/08/03 8:15 p.m. | 19 views

Input validation

Improper Input Validation in Teltonika firmware TRB2R00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file...

CVSS 7.1 | AI score 7.6 | EPSS 0.01052
Exploits: 1 | References: 1 | Affected Software: 1