1080802 matches found
CVE-2026-15523
A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...
CVE-2026-15523 CodeAstro Simple Online Leave Management System dashboard.php sql injection
A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...
CVE-2026-15523
CVE-2026-15523 affects CodeAstro Simple Online Leave Management System 1.0. The vulnerability is in the /SimpleOnlineLeave/admin/dashboard.php file, where manipulation of the Name argument enables SQL injection. The issue can be triggered remotely and a public exploit is available. The supplied s...
EUVD-2026-43265
A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...
[SECURITY] Fedora 43 Update: attr-2.6.0-1.fc43
A set of tools for manipulating extended attributes on filesystem objects, in particular getfattr1 and setfattr1. An attr1 command is also provided which is largely compatible with the SGI IRIX tool of the same name...
PT-2026-57610
A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...
Malicious code in babel-preset-lib-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4274de0136aa69f8b0f4eba03412c7809a1b8c2446bb3ed7f6de1333475aa4c4 index.js, the package main, runs a load-time IIFE that collects OS platform and architecture, hostname, username, private and public IP via...
Malicious code in react-next-vite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 286869faf09aec1d62b472e43a7188a1583c5cf8c999d1fb2e116f0b7f5ba8c6 The package impersonates the pino logger README/badges reference pino; module.exports.pino is the middleware while its name is react-next-vite. When ...
Malicious code in nullrift (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29ebce322ac712405bfd29254cbd8f820c20ddc083587693a982b75ef6f3039a Package advertises itself as an SVG fetcher/sanitizer but its main module also exports an undocumented getPlugin function. The returned function...
Malicious code in chain-await-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7412987df7a746c9128ca807cbd2222b340e3b4f8397620348fc62606a0f2b5 The package's declared main entry index.js exports a factory check that spawns a detached, unreferenced Node child process running lib/vcall.js, then...
Malicious code in react-dom-v17 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f55f6e35ab09a2fcd6521dac51aa4baa4cfa726958bc266a0d56fc14de240a29 Package name impersonates the widely-used react-dom package react-dom-v17. package.json declares preinstall: node index.js, which fires automatically...
Malicious code in library-explorer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28b5db05b3bdfb9cc8b1af9759f05a3bc7a1b6a9c364b86831b93df78e9e2273 package.json declares preinstall: node index.js. On npm install, index.js collects installer host identity os.hostname, os.platform, os.arch,...
Malicious code in giantswarm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75f3a244f2761c56347f695897a491d23ab04cafe1e5b0e46fd7d0d2c993f828 The package declares a preinstall hook node index.js that runs automatically on npm install. index.js collects host reconnaissance — hostname,...
Malicious code in api-changelly (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a94f4aa368f1838507a78dde78062b740a5853b516d9d32782d0264b539b724c The package declares preinstall: node index.js, which runs automatically on npm install. index.js collects installer identifiers os.hostname,...
Malicious code in polylabel-web-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce7df46acd8236fafbaa27dbccb92d1f286c17b023ea5ff555700e76c4a0188f [email protected] ships an empty index.js stub and declares its only runtime dependency as a direct tarball URL on a Google Cloud Storage...
Malicious code in polymarket-kelly-math-stake (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2cf5ba9cd75b1a773e3a04e6eb45778894e04fd1d55b2e8ad03ae97deb41d16 [email protected] runs a postinstall script scripts/install-check.cjs that fetches a JSON config from...
Exploit for Deserialization of Untrusted Data in Apache Camel
camel-jms Forged DefaultExchangeHolder Filter-Bypass Reproduce...
CVE-2026-61875
luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, which miniupnpd stores and luci-app-upnp renders...
EUVD-2026-43235
luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, which miniupnpd stores and luci-app-upnp renders...
CVE-2026-61875 luci-app-upnp Stored XSS via UPnP Port Mapping Description
luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, which miniupnpd stores and luci-app-upnp renders...