238 matches found
CVE-2026-27757
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persisten...
Weak Password Recovery Mechanism for Forgotten Password
Overview Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the ResetPassword function and the background token cleanup process. An attacker can gain persistent unauthorized access to user accounts by reusing intercepted password reset...
EUVD-2026-9047
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persisten...
CVE-2026-27757
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persisten...
CVE-2026-27757
The CVE-2026-27757 affects SODOLA SL902-SWTGW124AS firmware up to version 200.1.20. An authentication vulnerability allows any authenticated user to change account passwords without verifying the current password, enabling persistent access to the management interface. The issue, described in the...
CVE-2025-9909 Aap-gateway: improper path validation in gateway allows credential exfiltration
A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...
CVE-2025-9909
A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...
SODOLA SL902-SWTGW124AS 安全漏洞
SODOLA SL902-SWTGW124AS is an industrial switch manufactured by the Spanish company SODOLA. Versions of SODOLA SL902-SWTGW124AS prior to version 200.1.20 contain security vulnerabilities. These vulnerabilities stem from the ability for authenticated users to change their account passwords without...
Entra ID OAuth Consent Can Grant ChatGPT Access to Emails
OAuth consent in Entra ID can grant apps like ChatGPT email access after approval, exposing hidden risks that may bypass MFA and enable persistent access...
Malicious code in modify-setting (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48505e42b99b10152a5e8587fc88350de886a6ff02ca5b70ada3d90c9a7e980f The package modify-setting was found to contain malicious code. Source: ghsa-malware 3420a3d9050f94ba247ff8853e7a7f98ee33ca16a7beda959c53463992b65c24...
MAL-2026-967 Malicious code in parse-compat (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f14189ba3007a51617df87911f83c0c765d38bf6abe23b5aecbbe60cd8646c0a The package parse-compat was found to contain malicious code. Source: ghsa-malware 90a657719347c80f56dab387dd9beb25be7af98e9580382365a65feb0fd53243 A...
Arbitrary File Write
Shopware is vulnerable to Arbitrary file write. The vulnerability is due to insufficient validation of uploaded plugin files, which allows an attacker to write files to arbitrary directories and upload a PHP shell, resulting in persistent shell access on on-premises installations...
MAL-2026-542 Malicious code in stylus.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da337331b168fe53efb22dcc1d3a935e35010e59a40d5d222ee18aa89fe82e42 The package stylus.js was found to contain malicious code. Source: ghsa-malware 228752dfb0c639ecaabfe0fc0189046c016a56e66ffae8ebb59eaeb675d9d935 Any...
SSH Key Persistence
This Metasploit module will add an SSH key to a specified user or all, to allow remote login via SSH at any time. No payload is required for this module to work. If an SSH key is not provided, a new 4096 bit RSA keypair will be generated. The private key will be stored as loot for later use...
Malicious code in tailwin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c6f42d8ac771f7de2a89b36d91afb6db0c0445c7c3b9c4c094cf74b1448343d The package tailwin was found to contain malicious code. Source: ghsa-malware 25f1e8ebfcada6d9b8288179365d666ecc4679a549f815f6715e35fc614e03e2 Any...
MAL-2026-210 Malicious code in @workleap-ai/shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2800f2cfba8ac6e7a16ef977484e4da4d360c859848daedb5220c7d3595653e1 The package @workleap-ai/shared was found to contain malicious code. Source: ghsa-malware...
Malicious code in oj-sp-css-additions (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76f44dd1651a643e28e082a676732a19e8a8a8fcf5b2f88264aa47c7f5e31dce The package oj-sp-css-additions was found to contain malicious code. Source: ghsa-malware...
📄 Netbus Backdoor 1.7 Remote Code Execution
Netbus Backdoor version 1.7 Metasploit module that leverages an insecure credential storage vulnerability that then performs command injection. ============================================================================================================================================= | Title :...
MAL-2025-192556 Malicious code in cms_comp_static (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e057568833f54e2250c5364e595d7a3046f4eb94f2484b9a0a2236b948cb10f The package cmscompstatic was found to contain malicious code. Source: ghsa-malware 38ce02191cf2d82246d56083ba8f7c2c4c0f14a71060bf8beaea95851f3c7a1e...
aap-gateway: Improper Path Validation in Gateway Allows Credential Exfiltration
A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...