73 matches found
MAL-2026-5554 Malicious code in express-self-destruct2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c21246439a04267591c998594f92ac1267c86698f5dcc3463ad2cd932abb04dc On install, the package's postinstall hook scripts/inject.js locates the installer's project root and main entry from package.json or fallbacks...
MAL-2026-5553 Malicious code in express-self-destruct (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0097503a7ecd7b5e3b97213de29b36d5e957a305f7829cc45f43aa5aa3da817 On npm install, the package's postinstall hook node scripts/inject.js walks up from the install directory to locate the consumer's project root and...
Linux Distros Unpatched Vulnerability : CVE-2026-6940
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by...
CVE-2026-6940
A flaw was found in radare2. A local attacker can exploit a path traversal vulnerability during project deletion by crafting absolute paths. This allows the attacker to delete arbitrary directories outside the intended project storage, leading to a loss of data integrity and system availability...
EUVD-2026-25301
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
CVE-2026-6940
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
CVE-2026-6940 radare2 < 6.1.4 Project Deletion Path Traversal Directory Deletion
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
CVE-2026-6940 radare2 < 6.1.4 Project Deletion Path Traversal Directory Deletion
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
CVE-2026-6940
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
CVE-2026-6940
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
CVE-2026-6940
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
CVE-2026-6940
CVE-2026-6940 : radare2 versions before 6.1.4 contain a path traversal vulnerability in the project deletion feature. A local attacker can supply absolute paths that escape the dir.projects root to recursively delete arbitrary directories, by targeting project marker files outside the project sto...
Radare2 路径遍历漏洞
Radare2 is an open-source reverse framework for Unix-based geeks, developed by Radare. Versions of radare2 prior to 6.1.4 contained a path traversal vulnerability. This vulnerability stemmed from path traversal during project deletion, allowing local attackers to recursively delete any directory ...
PT-2026-34751
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
CVE-2025-59541 Chamilo: CSRF Vulnerability in Project Deletion
Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery CSRF vulnerability allows an attacker to delete projects inside a course without the victim’s consent. The issue arises because sensitive actions such as project deletion do not implement anti-CSRF...
EUVD-2025-208339
Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery CSRF vulnerability allows an attacker to delete projects inside a course without the victim’s consent. The issue arises because sensitive actions such as project deletion do not implement anti-CSRF...
CVE-2025-59541 Chamilo: CSRF Vulnerability in Project Deletion
Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery CSRF vulnerability allows an attacker to delete projects inside a course without the victim’s consent. The issue arises because sensitive actions such as project deletion do not implement anti-CSRF...
Chamilo 跨站请求伪造漏洞
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.34 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the lack of anti-CSRF protection during sensitive operations such as project deletion, which could...
CVE-2021-22187
An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 13.6.7. A potential resource exhaustion issue that allowed running or pending jobs to continue even after project was deleted...
EUVD-2020-22915
Malware in sbrugna...