295 matches found

EUVD
added 2026/05/26 12:57 p.m., 7 views

EUVD-2026-31823

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...

4.1 CVSS | 5.8 AI score | 0.00056 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/05/12 7:48 a.m., 31 views

CVE-2026-4301 Rate Star Review Vote <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification via 'rating_id' Parameter

The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an is_user_logged_in check...

4.3 CVSS | 0.00035 EPSS
Exploits: 0 | References: 7
CNNVD
added 2026/05/12 12:0 a.m., 4 views

Flowsint access control error vulnerability

Flowsint is an open-source intelligence visualization tool developed by reconurge. Versions of Flowsint prior to 1.2.3 contained an access control vulnerability, which allowed attackers who knew the investigation IDs to update the investigation metadata of other users...

2.3 CVSS | 5.8 AI score | 0.00043 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/05/06 5:21 p.m., 31 views

CVE-2026-29090 Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database

Summary: A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

9 CVSS | 0.00048 EPSS
Exploits: 0 | References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux - vulnerability in python3.11

It allows the extraction filter to be ignored, enabling symlink targets to point outside the destination directory, and modifying some file metadata. This vulnerability affects users who use the TarFile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract, with the...

7.5 CVSS | 7 AI score | 0.00273 EPSS
Exploits: 7 | References: 2
OSV
added 2026/03/03 1:22 p.m., 3 views

SUSE-SU-2026:0777-1 Security update for cosign

This update for cosign fixes the following issues: Update to version 3.0.5 (jsc#SLE-23879). Security issues fixed: - CVE-2025-11065: github.com/go-viper/mapstructure/v2: sensitive Information leak in logs (bsc#1250620). - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cau...

7.5 CVSS | 6.9 AI score | 0.00046 EPSS
Exploits: 4 | References: 19
RedhatCVE
added 2026/02/15 7:10 a.m., 4 views

CVE-2025-14608

The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulksave' AJAX action. This makes it possible for...

5.3 CVSS | 5.7 AI score | 0.00045 EPSS
Exploits: 0 | References: 1
CVE
added 2026/02/14 3:25 a.m., 9 views

CVE-2025-14608

CVE-2025-14608 — WP Last Modified Info (WordPress plugin) affects WP Last Modified Info versions

5.3 CVSS | 5.7 AI score | 0.00045 EPSS
Exploits: 0 | References: 5
OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 5 views

Malicious code in weywot-perseus-parallax-meteor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fccf69d07016c6dfafa7312d220affa347019aaa3bb135b3acd2daef6d21939f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSV
added 2025/11/13 3:23 a.m., 1 views

MAL-2025-185372 Malicious code in acamar-halley-eclipse-kronos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f8ad09c0a08bf031574152a898d8286ae2d35f3ed9cbf41b4a8ecc5cfe5a745 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 2 views

Malicious code in cypress-vuetify-mutation-hermes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f0bdf630701339c3b4e0b026be7375225105671dd37c1d58e92ce6dcd04269a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in fork-eslint-slidev-chakra-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14f8ab67ea8427ea5b62140b04dc5a91e4b2512ef31a7be5a7f29ca3f838dfed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSV
added 2025/11/13 3:23 a.m., 3 views

MAL-2025-189714 Malicious code in subduction-xenobiology-websockets-polaris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9d162d50d84dbe43de8e35e175e07f1bac8050e4acec2b8489426a438367ec4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0
OSV
added 2025/11/13 3:23 a.m., 1 views

MAL-2025-186845 Malicious code in eslint-plugin-husky-pavo-virgo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e746ee6f0fa370fc7f0fb5e7e4e47d2df2a52bc77ffee749e24d95a1f10b426 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 7 views

Malicious code in alpha-view-grep-abstract-pipe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a59d4ced0983d05722b6d4aa572be26e524f6f5a4608478d2b47cdfcd656793 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSV
added 2025/11/13 3:23 a.m., 1 views

MAL-2025-186879 Malicious code in eventhoriz-event-planckscale-sirius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a969531dc342a3106319fd93ac645317db9acde1778df1db5647cfd186fda89 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0
OSV
added 2025/11/13 3:23 a.m., 0 views

MAL-2025-188368 Malicious code in nucleosynthesis-neptunology-spica-stratosphere (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eda83e4bc64b5fe5829462248eb9db1a8ad23495c0f75a0a84658b7ff95c8f99 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0
OSV
added 2025/11/13 3:23 a.m., 1 views

MAL-2025-186818 Malicious code in eris-postgres-taurus-metabolomics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa737fc1e071f4c754c680f6353ec4cdd65d7e7162df98b7885c18bd7563f2f0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 5 views

Malicious code in warp-ora-duplex-jekyll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d66ff385a22dffe023d98891710432d0c59ead5f5af2c822fff70f98049abf12 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/12 10:25 p.m., 5 views

Malicious code in sonic-os-afisigafaafoa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b957bb54e50e683488f27387e494f4373f6997ef33f42c5a2164012b3d2ce19e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0