
54799 matches found

OSV
added 2026/01/08 4:58 a.m., 4 views

MAL-2026-157 Malicious code in test-thegenetic-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a1aa78e95a98adc8d2ce9a727c53e49e1a1cd5d91a052d5aadcb2ead7afe050 The package test-thegenetic-module was found to contain malicious code. Source: ghsa-malware...

AI score 6.8
Exploits: 0 | References: 1

F5 Networks
added 2026/01/08 1:15 a.m., 12 views

K000159017: Apache HTTP Server vulnerability CVE-2025-3891

Security Advisory Description: A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently,...

CVSS 7.5 | AI score 6.7 | EPSS 0.01214
Exploits: 0

EUVD
added 2026/01/08 12:31 a.m., 7 views

EUVD-2026-1463

wolfSSL Python module vulnerable to Improper Authentication...

CVSS 9.3 | AI score 6.4 | EPSS 0.00272
Exploits: 0 | References: 5

OSV
added 2026/01/08 12:31 a.m., 4 views

GHSA-VJ87-JJ27-4H9C wolfSSL Python module vulnerable to Improper Authentication

A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced. Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag was not included, the behavior effectively matched CERT_OPTIONAL: a peer certificate...

CVSS 9.3 | AI score 6.7 | EPSS 0.00272
Exploits: 0 | References: 5

Github Security Blog
added 2026/01/08 12:31 a.m., 9 views

wolfSSL Python module vulnerable to Improper Authentication

A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced. Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag was not included, the behavior effectively matched CERT_OPTIONAL: a peer certificate...

CVSS 9.3 | AI score 6.8 | EPSS 0.00272
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2026/01/08 12:15 a.m., 6 views

CVE-2019-25289

SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system function call to execute arbitrary system commands with root...

CVSS 8.8 | EPSS 0.01685
Exploits: 0 | References: 6

Packet Storm
added 2026/01/08 12:00 a.m., 147 views

Prison Management System 1.0 Shell Upload

This Metasploit module exploits an unrestricted file upload vulnerability in Prison Management System version 1.0. An authenticated user can upload a PHP file with arbitrary content by abusing the avatar upload functionality in the add-admin.php endpoint. The application fails to properly validat...

CVSS 8.8 | AI score 7.1 | EPSS 0.03275
Exploits: 3

Snyk
added 2026/01/08 12:00 a.m., 2 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the md4sum function of the NTLM authentication module. An attacker can execute arbitrary code with the privileges of the affected application. Remediation A fix was pushed into the master branch but not ye...

CVSS 8.8 | AI score 7 | EPSS 0.00557
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/08 12:00 a.m., 19 views

Amazon Linux 2023 : grub2-common, grub2-efi-aa64, grub2-efi-aa64-cdboot (ALAS2023-2025-1342)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1342 advisory. A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the...

CVSS 7.8 | AI score 5.8 | EPSS 0.0019
Exploits: 0 | References: 14

CVE
added 2026/01/07 11:10 p.m., 24 views

CVE-2019-25289

Affected software: Inim SmartLiving SmartLAN (SmartLAN/G/SI) versions 6.x and earlier. Vulnerability: authenticated remote command injection in the web.cgi binary via an unsanitized 'par' POST parameter in the 'testemail' module, allowing execution of arbitrary system commands with root privilege...

CVSS 8.8 | AI score 7.9 | EPSS 0.01685
Exploits: 0 | References: 6

ATTACKERKB
added 2026/01/07 11:10 p.m., 2 views

CVE-2019-25289

SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system function call to execute arbitrary system commands with root...

CVSS 8.8 | AI score 6.2 | EPSS 0.01685
Exploits: 0 | References: 5 | Affected Software: 1

Metasploit
added 2026/01/07 6:58 p.m., 280 views

Python Site-Specific Hook Persistence

This module leverages Python's startup mechanism, where some files can be automatically processed during the initialization of the Python interpreter. Among those files are the startup hooks (site-specific, dist-packages). If these files are present in site-specific or dist-packages directories, any lin...

AI score 5.8
Exploits: 0

RedhatCVE
added 2026/01/07 9:50 a.m., 8 views

CVE-2013-6295

PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module...

CVSS 9.8 | AI score 7.2 | EPSS 0.02287
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:48 a.m., 14 views

CVE-2022-27263

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...

CVSS 9.8 | AI score 7.7 | EPSS 0.03018
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:43 a.m., 10 views

CVE-1999-0430

Cisco Catalyst LAN switches running Catalyst 5000 supervisor software allows remote attackers to perform a denial of service by forcing the supervisor module to reload...

CVSS 5 | AI score 7 | EPSS 0.01823
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:36 a.m., 5 views

CVE-2019-7541

Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring...

CVSS 6.1 | AI score 5.8 | EPSS 0.03242
Exploits: 3 | References: 1

RedhatCVE
added 2026/01/07 9:32 a.m., 6 views

CVE-2019-16145

The breadcrumbs contributed module through 0.2.0 for Padrino Framework allows XSS via a caption...

CVSS 6.1 | AI score 5.8 | EPSS 0.00832
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:32 a.m., 7 views

CVE-2019-16307

A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter webExMeetingLogin.jsp and meetingKey...

CVSS 6.1 | AI score 5.8 | EPSS 0.01142
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:32 a.m., 9 views

CVE-2019-16967

An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form html\admin\modules\manager\views\form.php, an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via G...

CVSS 6.1 | AI score 6.8 | EPSS 0.01311
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:30 a.m., 8 views

CVE-2019-16106

The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitmentonline/personalData/actacounttab.cfm txtNewUserName and hdNP fields...

CVSS 7.5 | AI score 7.2 | EPSS 0.01114
Exploits: 0 | References: 1