Embedded Malicious Code

Overview kube-health-tools is a Lightweight Kubernetes node health diagnostics Affected versions of this package are vulnerable to Embedded Malicious Code that target Kubernetes environments by install a full LLM proxy service on the victim's machine, allowing the attacker to route LLM traffic...

CVE-2026-4528

CVE-2026-4528 affects trueleaf ApiFlow 0.9.7. The vulnerability lies in the function validateUrlSecurity within packages/server/src/service/proxy/http_proxy.service.ts of the URL Validation Handler , enabling server-side request forgery (SSRF) . Remote exploitation is possible and the exploit has...

CVE-2026-4528 trueleaf ApiFlow URL Validation http_proxy.service.ts validateUrlSecurity server-side request forgery

A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/httpproxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation ...

CVE-2026-4528 trueleaf ApiFlow URL Validation http_proxy.service.ts validateUrlSecurity server-side request forgery

A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/httpproxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation ...

PT-2026-26946

A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http proxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation...

TexasSoft CyberPlanet 代码问题漏洞

TexasSoft CyberPlanet is an internet cafe billing and client management software developed by the Indian company TexasSoft. Version 6.4.131 of TexasSoft CyberPlanet contains a code vulnerability. This vulnerability stems from a service path in the CCSrvProxy service that lacks quotes, which may...

Failed to create a restore point: PostgreSQL database operation failed multiple times with transient error.

Challenge After upgrading to Veeam Backup for Microsoft 365 8.2 or 8.3, jobs fail with the erorr: Failed to create a restore point: PostgreSQL database operation failed multiple times with transient error. Cause This issue occurs because various one-time PostgreSQL queries that the software...

EUVD-2025-201825

CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer NDCS and is vulnerable to remote code execution during deserialization...

EUVD-2018-18197

Malware in sbrugna...

EUVD-2008-4116

Malware in sbrugna...

EUVD-2001-0539

Malware in sbrugna...

EUVD-2019-8665

Malware in sbrugna...

EUVD-2020-24493

Malware in sbrugna...

EUVD-2008-1741

Malware in sbrugna...

EUVD-2023-48233

Malicious code in bioql PyPI...

EUVD-2024-34737

Malicious code in bioql PyPI...

EUVD-2025-20620

Malicious code in bioql PyPI...

CLSA-2025-1758914697 httpd: Fix of 4 CVEs

CVE-2025-49630: fix assertion caused by untrusted clients triggering denial of service attack in modproxyhttp2 - CVE-2025-23048: fix access control bypass by trusted clients using TLS 1.3 session resumption - CVE-2024-47252: escape user-supplied data to prevent log file injection in modssl -...

CVE-2025-49735

Use after free in Windows KDC Proxy Service KPSSVC allows an unauthorized attacker to execute code over a network...

CVE-2025-49735

Use after free in Windows KDC Proxy Service KPSSVC allows an unauthorized attacker to execute code over a network...