8 matches found
CVE-2025-9118 Dataform Path Traversal
A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file...
Malicious code in @zalastax/nolb-lion-lib-t (npm)
The package @zalastax/nolb-lion-lib-t was found to contain malicious code...
CoreCode MacUpdater Code Issue Vulnerability
CoreCode MacUpdater is a program from CoreCode that scans your Mac and shows you which of your installed applications are not up-to-date. A security vulnerability exists in CoreCode MacUpdater versions prior to 2.3.8 and versions 3.x through 3.1.2. An attacker exploited the vulnerability to eleva...
Code injection
Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment...
CVE-2022-26516
CVE-2022-26516 affects Red Lion DA50N gateways. The weakness is Insufficient Verification of Data Authenticity in the web UI update process, which allows an authorized user to install a maliciously modified package file that was obtained from an unauthorized source or compromised between download and deployment...
CVE-2022-26516 ICSA-22-104-03 Red Lion DA50N
Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment...
CVE-2022-26516 ICSA-22-104-03 Red Lion DA50N
Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment...
Input validation
Improper Input Validation in Teltonika firmware TRB2R00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file...