CVE-2026-44594 esm.sh: Path Traversal via package.json browser field allows reading arbitrary server files

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, a Local File Inclusion LFI vulnerability exists in the esbuild plugin's handling of the browser field in package.json. An attacker can publish an npm package that causes the server to read and return...

Malicious code in @ceeferenderer/itg-renderer-sdk (npm)

Malicious package due to code obfuscation, dynamic module loading, process exposure, suspicious install script, and untrustworthy author email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51b9fa22264e38705c3a7ba319515ee66036e72ab14c32d08b01a5695aa191b8 This...

MAL-2026-2407 Malicious code in @ceeferenderer/itg-renderer-sdk (npm)

Malicious package due to code obfuscation, dynamic module loading, process exposure, suspicious install script, and untrustworthy author email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51b9fa22264e38705c3a7ba319515ee66036e72ab14c32d08b01a5695aa191b8 This...

Important: firefox

Issue Overview: Use-after-free in MediaTrackGraphImpl::GetInstance This vulnerability affects Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. CVE-2025-11708 A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using...

EUVD-2019-17706

Malware in sbrugna...

CVE-2023-7204

The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides...

CVE-2000-1140

The CVE-2000-1140 entry concerns Recourse ManTrap 1.6, where the process-hiding mechanism fails to conceal processes from attackers. This could allow an attacker with local access to verify honeypot status by comparing the results of kill commands with the /proc process listing, indicating honeyp...