
135 matches found

OSV
added 2026/06/12 7:3 p.m., 9 views

MAL-2026-5707 Malicious code in ttspc-server-sample (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98ea79d9fce12a87d3949dc748617f8077a1ae0822fadab451c27d2c8a2feb9b [email protected] declares postinstall: node index.js in package.json, so on npm install it automatically executes index.js. The script...

5.5 AI score
Exploits: 0, References: 6
OSSF Malicious Packages
added 2026/05/22 5:3 p.m., 8 views

Malicious code in events-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5482b17f0abd8f4ae8fed4fa5c53ea035a15b252efec406ae65dfe3365a7412 [email protected] impersonates the events EventEmitter polyfill README and Travis badge copied verbatim from browserify/events and ships a...

5.9 AI score
Exploits: 0, References: 1
RedhatCVE
added 2026/04/03 12:16 p.m., 3 views

CVE-2026-33533

A flaw was found in Glances, an open-source system monitoring tool. The Glances XML-RPC server, when activated, sends a wildcard Access-Control-Allow-Origin header and does not validate the Content-Type header. This allows a remote attacker to craft a malicious webpage that can issue a Cross-Orig...

7.1 CVSS, 5.9 AI score, 0.00409 EPSS
Exploits: 1, References: 2
Snyk
added 2026/03/31 11:42 p.m., 3 views

Credential Exposure

Overview: openssl-encrypt is a package for secure file encryption and decryption based on modern ciphers, using heavy-compute-load chaining of hashing and KDFs to generate a strong encryption password from the user-provided password to ensure secure encryption of files. Affected versions of this...

8.7 CVSS, 5.9 AI score
Exploits: 0, References: 2
OSV
added 2026/03/30 5:0 p.m., 5 views

GHSA-7P93-6934-F4Q7 Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard

Summary: The Glances XML-RPC server (activated with glances -s or glances --server) sends Access-Control-Allow-Origin: * on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an attacker-controlled webpage can issue a CORS "simple request" POST with Content-Typ...

7.1 CVSS, 6 AI score, 0.00409 EPSS
Exploits: 1, References: 5
RedhatCVE
added 2026/01/09 11:13 a.m., 3 views

CVE-2016-10821

In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75)...

6.5 CVSS, 7 AI score, 0.01095 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2010-4153

Malware in sbrugna...

5.5 CVSS, 5.5 AI score, 0.00401 EPSS
Exploits: 0, References: 6
EUVD
added 2025/10/07 12:30 a.m., 18 views

EUVD-2020-24212

Malware in sbrugna...

7.8 CVSS, 7.6 AI score, 0.00474 EPSS
Exploits: 2, References: 5
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2017-11787

Malware in sbrugna...

5.5 CVSS, 5.7 AI score, 0.00464 EPSS
Exploits: 2, References: 15
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-5580

Malware in sbrugna...

7.8 CVSS, 8.6 AI score, 0.01253 EPSS
Exploits: 0, References: 11
Tenable Nessus
added 2025/09/10 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-1742

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Invocation of the sqlplus command with sensitive information in the command line in the mkoracle Checkmk agent plugin before Checkmk 2.3.0b4 beta, 2.2.0p24,...

3.8 CVSS, 5.5 AI score, 0.00245 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/07 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-1753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versio...

5.5 CVSS, 6.9 AI score, 0.00506 EPSS
Exploits: 1, References: 2
RedhatCVE
added 2025/05/23 10:1 a.m., 7 views

CVE-2024-1742

Invocation of the sqlplus command with sensitive information in the command line in the mkoracle Checkmk agent plugin before Checkmk 2.3.0b4 beta, 2.2.0p24, 2.1.0p41 and 2.0.0 EOL allows the extraction of this information from the process list...

3.8 CVSS, 6.6 AI score, 0.00245 EPSS
Exploits: 0, References: 1
OSV
added 2025/04/25 3:15 a.m., 4 views

CVE-2025-46546

In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll,...

8.8 CVSS, 5.8 AI score, 0.00332 EPSS
Exploits: 0, References: 4
OSV
added 2025/03/05 6:15 a.m., 2 views

CVE-2025-27656

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Password Stored in Process List (V-2023-011)...

9.8 CVSS, 5.8 AI score, 0.00832 EPSS
Exploits: 1, References: 3
CNNVD
added 2025/03/05 12:0 a.m., 2 views

Vasion Print Security Vulnerability

Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. A security vulnerability exists in Vasion Print versions prior to 22.0.862 and Application 20.0.2014, which stems from a process list storing plaintext passwords...

9.8 CVSS, 6.6 AI score, 0.00832 EPSS
Exploits: 1, References: 3
CVE
added 2025/03/05 12:0 a.m., 66 views

CVE-2025-27656

CVE-2025-27656 affects Vasion Print (formerly PrinterLogic) prior to Virtual Appliance Host 22.0.862 and Application 20.0.2014. The root cause is plaintext passwords stored in the process list. The vulnerability is rated CVSS v3.1 with a base score of 9.8 (CRITICAL), high impact on confidentialit...

9.8 CVSS, 7 AI score, 0.00832 EPSS
Exploits: 1, References: 3, Affected Software: 2
Vulnrichment
added 2025/03/05 12:0 a.m., 8 views

CVE-2025-27656

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Password Stored in Process List (V-2023-011)...

7 AI score, 0.00832 EPSS
Exploits: 1, References: 2
Cvelist
added 2025/03/05 12:0 a.m., 25 views

CVE-2025-27656

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Password Stored in Process List (V-2023-011)...

0.00832 EPSS
Exploits: 1, References: 2
AstraLinux
added 2024/11/23 3:4 a.m., 5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd – Fixed a possible Use-After-Free issue in irq_process_work_list. The list_for_each_entry_safe function was used to allow iterating through the list and deleting entries during the iteration process. The descriptors are...

7.8 CVSS, 6.5 AI score, 0.00268 EPSS
Exploits: 0, References: 3