129 matches found
MOSAIC-Bench: Measuring Compositional Vulnerability Induction in Coding Agents
Coding agents often pass per-prompt safety review yet ship exploitable code when their tasks are decomposed into routine engineering tickets. The challenge is structural: existing safety alignment evaluates overt requests in isolation, leaving models blind to malicious end-states that emerge from...
CVE-2026-2417
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...
EUVD-2026-14960
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...
CVE-2026-2417
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...
CVE-2026-2417 Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...
CVE-2026-2417
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...
CVE-2026-2417 Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...
CVE-2026-2417
The CVE-2026-2417 entry concerns Pharos Controls Mosaic Show Controller firmware 2.15.3, describing a Missing Authentication for Critical Function that could let an unauthenticated attacker bypass authentication and run arbitrary commands with root privileges. The vulnerability is rated CRITICAL ...
Pharos Controls Mosaic Show Controller
RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary commands with root privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize...
Pharos Controls Mosaic Show Controller 访问控制错误漏洞
Pharos Controls Mosaic Show Controller is an embedded control device developed by the British company Pharos, used for lighting control and multimedia scene orchestration. Version 2.15.3 of Pharos Controls Mosaic Show Controller contains a security vulnerability due to the lack of authentication...
PT-2026-27478
Name of the Vulnerable Software and Affected Versions Pharos Controls Mosaic Show Controller version 2.15.3 Description A missing authentication check for a critical function allows an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges. This...
CVE-2022-31521
The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...
Malicious code in @axinom/mosaic-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7168f2a1e0e25128412330dd5022d955509346523f45c453d18e9205eb38b678 The package @axinom/mosaic-cli was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191450 Malicious code in @axinom/mosaic-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7168f2a1e0e25128412330dd5022d955509346523f45c453d18e9205eb38b678 The package @axinom/mosaic-cli was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199518
Malicious code in @axinom/mosaic-cli npm...
EUVD-2014-3439
Malware in sbrugna...
EUVD-2014-3438
Malware in sbrugna...
EUVD-2025-24195
Malicious code in bioql PyPI...
EUVD-2024-47088
Malicious code in bioql PyPI...