@ekyc_qoobiss/qbs-cid-cmp (>=1.0.5 <=1.5.9), @ekyc_qoobiss/qbs-ect-cmp (>=1.2.0 <=4.7.87) +55 more potentially affected by CVE-2025-27793 via vega-functions (>=5.10.0 <=5.16.0)

vega-functions NPM version =5.10.0, =1.0.5, =1.2.0, =0.0.2, =0.1.2, =0.5.0, =1.0.0, =1.0.7, =0.1.4, =1.0.1, =2.8.0-canary.140, =2.20.0 - @tensorflow/tfjs-vis =1.5.1 and more Source cves: CVE-2025-27793 Source advisory: OSV:GHSA-963H-3V39-3PQF...

GHSA-QHM8-M2C4-9MW7 Downloads Resources over HTTP in qbs

Affected versions of qbs insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

Downloads Resources over HTTP in qbs

Affected versions of qbs insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

qbs remote code execution vulnerability

qbs is a set of automated build tools that manage the process of building software projects across multiple platforms. A security vulnerability exists in qbs that originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the...

Man-in-the-Middle (MitM)

qbs is vulnerable to man-in-the-middle MitM attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network o...

CVE-2016-10656

qbs is a build tool that helps simplify the build process for developing projects across multiple platforms. qbs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...

Remote code execution

qbs is a build tool that helps simplify the build process for developing projects across multiple platforms. qbs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...

CVE-2016-10656

The provided documents confirm that qbs vulnerably downloads binary resources over HTTP, enabling a potential MITM attacker on the network to swap the requested binary with a malicious one and possibly execute code on the host. The risk is described as remote code execution under network-position...

CVE-2016-10656

qbs is a build tool that helps simplify the build process for developing projects across multiple platforms. qbs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...

Downloads Resources over HTTP

Overview Affected versions of qbs insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...