88 matches found
Malicious code in spip-pth-demo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb61035c28fe642903fac1b2776b2593c1611831ce5553e63ef8b09a77e414c9 The package installs a suspicious-demo.pth file into site-packages via setup.py's datafiles="", "suspicious-demo.pth". Python auto-processes.pth file...
EUVD-2026-27081
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...
CVE-2026-43616 Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...
CVE-2026-43616 Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...
DIE-engine 安全漏洞
DIE-engine is a file type detection and reverse analysis tool developed by Hors’ individual developer. Versions of DIE-engine prior to 3.21 contained security vulnerabilities. These vulnerabilities were caused by path traversal attacks, allowing attackers to write arbitrary files into the file...
CVE-2023-50810
In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv command can be used...
CVE-2025-40604
Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...
CVE-2025-40604
Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...
CVE-2025-40604
Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...
CVE-2025-40604
Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...
CVE-2025-40604
The CVE-2025-40604 affects SonicWall Email Security appliances. It describes a vulnerability where the device downloads root filesystem images without verifying signatures, enabling attackers with VMDK or datastore access to modify system files and achieve persistent arbitrary code execution. Pub...
CVE-2025-34502
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...
CVE-2025-34503
Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run arbitrary code that persists across reboots. Because this design predates modern secure-boot or signed-update...
CVE-2025-34502 Shuffle Master Deck Mate 2 Missing Secure Boot
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...
CVE-2025-34502 Shuffle Master Deck Mate 2 Missing Secure Boot
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...
PT-2025-43688
Name of the Vulnerable Software and Affected Versions Deck Mate 2 affected versions not specified Description The Deck Mate 2 device does not have a verified secure-boot chain or runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an...
Light & Wonder Deck Mate 安全漏洞
Light & Wonder Deck Mate is an automated licensing device from Light & Wonder, UK. A security vulnerability exists in Light & Wonder Deck Mate that stems from a lack of secure boot chain validation and runtime integrity validation, which could allow a physically accessible attacker to modify or...
PT-2025-43689
Name of the Vulnerable Software and Affected Versions Deck Mate 1 affected versions not specified Description Deck Mate 1 executes firmware directly from an external EEPROM without verifying its authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to execu...
EUVD-2020-24688
Malware in sbrugna...
EUVD-2023-24261
Malicious code in bioql PyPI...