Malicious code in @service-user-notifications/set_notifications_not_removable (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a890f1cd8313de802c1425ca5603b7d1fabaf84cb1e47b582a4633dae34ccf14 On npm install, scripts/postinstall.js fetches a platform-specific binary from https://oob.moika.tech/payload/linux|mac|win, writes it to a hidden te...

PT-2026-42547

Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the install package method of concrete/controllers/single page/dashboard/extend/install.php. An attacker who can cause an authenticated administrator to visit a crafted page, and who has placed or caused a package to be present under...

exploit900

GoldHEN - PS4 Homebrew Enabler...

Vulnerabilities fixed in n8n

n8n has fixed vulnerabilities in versions 1.114.3, 1.115.0, 1.123.17, 2.5.2, 1.122.5, 1.123.2, 1.123.18, 2.5.0, 1.123.10, 2.5.0, 2.2.1, 1.123.9, 1.123.12, 2.4.0, 1.118.0, 2.4.0, 2.4.8, and 1.120.3. The vulnerabilities include the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow, which can lea...

CVE-2026-21893

n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system...

CVE-2026-21893 n8n Vulnerable to Command Injection in Community Package Installation

n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system...

CVE-2025-13828

SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked. ImpactA low-privileged user of the platform can install malicious code to obtain higher privileges...

CVE-2025-13492

HP Image Assistant is affected in versions prior to 5.3.3. The vulnerability stems from a race condition during package installation that could allow a local attacker to escalate privileges (local, high impact). No exploitation details are provided in the documents; exposure depends on attacker a...

CVE-2025-13492 HP Image Assistant - Potential Escalation of Privilege

A potential security vulnerability has been identified in HP Image Assistant for versions prior to 5.3.3. The vulnerability could potentially allow a local attacker to escalate privileges via a race condition when installing packages...

EUVD-2020-0291

Malware in sbrugna...

Fedora 42 : fcgi (2025-e5cc4338e7)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-e5cc4338e7 advisory. Fix CVE-2025-23016 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

CVE-2021-39618

In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1738)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2023:3640-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick

Exploit-for-ImageMagick-CVE-2022-44268 A bash script for easly...

CVE-2023-25547

A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...

PT-2022-27415 · Chicken +1 · Chicken +1

Name of the Vulnerable Software and Affected Versions: CHICKEN versions 5.x before 5.3.1 Description: The issue allows arbitrary OS command execution during package installation via escape characters in a .egg file. This is due to a problem in the egg-compile.scm file. Recommendations: For CHICKE...

CVE-2022-33150

An OS command injection vulnerability exists in the jspackage install functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...

Fedora: Security Advisory for meg (FEDORA-2022-5038c3236c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for golang-github-sophaskins-efs2tar (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...