Pterodactyl Panel - Remote Code Execution
Pterodactyl is a free, open-source game server management panel. Using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. id: CVE-2025-49132 info: name: Pterodactyl Panel - Remote Code Execution...
Linux Distros Unpatched Vulnerability : CVE-2025-65114
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0...
CentOS 9 : libpng-1.6.37-14.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libpng-1.6.37-14.el9 build changelog. - heap buffer over-read in pngimagewritebit RHEL-147356 CVE-2026-22801 - heap buffer over-read in pngimagefinishread RHEL-149000...
PT-2026-6585
Name of the Vulnerable Software and Affected Versions ProficySCADA for iOS version 5.0.25920 Description The application is susceptible to a denial of service condition. An attacker can cause the application to crash by manipulating the password input field. Specifically, overwriting the field wi...
CVE-2024-41960
mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scrip...
CVE-2023-45823
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories load...
CVE-2022-23626
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions imagecreatefrom and image have not been checked properly. Although PHP issued warnings and the upload function returned false, the original file that could contain a malicious payload was kept on the disk. Use...
CVE-2024-41121
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...
CVE-1999-0662
A system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete...
CVE-2019-16765
If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality [CVE-2025-1993]
Summary IBM App Connect Enterprise Certified Container DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user. This bulletin provides patch information to address the vulnerability in I...
EUVD-2025-74429
Malicious code in necessaryplanarianmoccasin-47 npm...
Malicious code in necessary_parakeet_maroon-20 (npm)
Source: amazon-inspector 221421a705962565a208be8ddecbc41fbb73dfc9e8b0d8bef76df1a13d7e2159 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-76207
Malicious code in necessarymarsupial-apptea npm...
EUVD-2025-81115
Malicious code in necessaryleopard0xrequest npm...
EUVD-2025-62936
Malicious code in necessaryclownfishz3n npm...
EUVD-2025-62935
Malicious code in necessaryguineafowlz3n npm...
EUVD-2025-62931
Malicious code in necessaryprawnz3n npm...
Malicious code in necessary_lobster_z3n (npm)
Source: amazon-inspector b981cb8f8c5ee4ad75d08a67dde9555373a88feb1f7fa8456f856509345ccc8a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in necessary_parrotfish_z3n (npm)
Source: amazon-inspector ab9629ec05274c01766ef5fa2ebb82e4f1e9c1cc8854c2769f07f9a11b7575d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...