2554 matches found
IBM BigFix Platform - Information Disclosure
IBM BigFix Platform 9.2 and 9.5 contains an information disclosure vulnerability caused by not enabling authenticated access in relay, letting remote attackers query and gather update and fixlet information, exploit requires no authentication. id: CVE-2019-4061 info: name: IBM BigFix Platform -...
Malicious code in proxy-check-i (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2da390c130eb840eb129a5d43faf0a64a0f0f602070243613aa0e2f8ea8f6d04 The package advertises itself as a wrapper for a 'qsshd executable' but the bundled Go binary is a reverse-SSH daemon that grants a remote operator...
Malicious code in zod-pino434 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 599a5d533bf699156b78f5296f643227bf3e43d8e46f2adabfe250205a05bd26 Package name zod-pino434 and package.json description Node.js integration layer for Autodesk Forge do not match the shipped code. On npm install, the...
Malicious code in zod-pino444 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 560c3d47344d4da5dffac230236b5248d2f1856c221ffac7ff72d4e3b197957b Package [email protected] is a credential/secret harvester disguised behind a benign-sounding name. scripts/postinstall-agent.mjs is a...
MAL-2026-6795 Malicious code in zod-pino444 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 560c3d47344d4da5dffac230236b5248d2f1856c221ffac7ff72d4e3b197957b Package [email protected] is a credential/secret harvester disguised behind a benign-sounding name. scripts/postinstall-agent.mjs is a...
PT-2026-55904
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection issue exists in the Apache Camel IRC component due to improper input validation and...
WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.11 - Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) vulnerability
Missing Authorization to Unauthenticated Arbitrary Email Content Injection Mail Relay / Phishing vulnerability discovered by ? in WordPress Plugin Kirki versions = 6.0.11...
GHSA-MPWR-8VM7-H73F vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-operationalinsights, crossplane-provider-azure-servicefabric, crossplane-provider-azure-sql, x509-certificate-exporter, crossplane-provider-azure-resources, crossplane-provider-azure-policyinsights, nfpm, crossplane-provider-azure-synapse,...
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: backup-restore-operator, crossplane-provider-azure-operationalinsights, crossplane-provider-azure-servicefabric, zot, crossplane-provider-azure-synapse, agentbeat-fips, crossplane-provider-aws-appflow-fips, rancher-machine, cilium, docker-cli-buildx-fips,...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: backup-restore-operator, crossplane-provider-azure-operationalinsights, crossplane-provider-azure-servicefabric, zot, crossplane-provider-azure-synapse, agentbeat-fips, crossplane-provider-aws-appflow-fips, rancher-machine, cilium, docker-cli-buildx-fips,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: backup-restore-operator, crossplane-provider-azure-operationalinsights, crossplane-provider-azure-servicefabric, zot, kyverno-policy-reporter-plugins-kyverno-fips, go-discover-fips, flux-operator-fips, crossplane-provider-azure-resources,...
Malicious code in ai-node-relay (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae845382ff29756db63bf611b9b6bdbd49c44be3bcc8b283512e6590182ac48b ai-node-relay ships dist/index.js as its npm main entry, processed with javascript-obfuscator string-array rotation, 0x-prefixed identifiers, base64...
MAL-2026-6518 Malicious code in ai-node-relay (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae845382ff29756db63bf611b9b6bdbd49c44be3bcc8b283512e6590182ac48b ai-node-relay ships dist/index.js as its npm main entry, processed with javascript-obfuscator string-array rotation, 0x-prefixed identifiers, base64...
EUVD-2026-39219
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrackirc: fix possible out-of-bounds read When parsing fails after we've matched the command string we should bail out instead of trying to match a different command. This helper should be deprecated, given...
PT-2026-52363
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the netfilter conntrack irc helper. The issue occurs when parsing fails after a command string has been matched; the system attempts to match a different...
GHSA-5WRP-CWCJ-Q835 vulnerabilities
Vulnerabilities for packages: backup-restore-operator, crossplane-provider-azure-operationalinsights, crossplane-provider-azure-servicefabric, temporal-server, zot, crossplane-provider-azure-synapse, agentbeat-fips, rancher-machine, cilium, beats-fips, apply-cve-bump, falcosidekick,...
CVE-2026-41178 vulnerabilities
Vulnerabilities for packages: backup-restore-operator, crossplane-provider-azure-operationalinsights, crossplane-provider-azure-servicefabric, temporal-server, zot, crossplane-provider-azure-synapse, agentbeat-fips, rancher-machine, cilium, beats-fips, apply-cve-bump, falcosidekick,...
Malicious code in zod-pino (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c536e5a7ee3d5542e1ac822b30ba4525e52b2ae0c964d0c2470468d91b9b41c8 The package is published under a name suggesting a Pino logger integration for Zod, but the tarball contents do not match that purpose and exhibit...
MAL-2026-6273 Malicious code in zod-pino (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c536e5a7ee3d5542e1ac822b30ba4525e52b2ae0c964d0c2470468d91b9b41c8 The package is published under a name suggesting a Pino logger integration for Zod, but the tarball contents do not match that purpose and exhibit...
📄 N-able Mail Assure Authentication Bypass
N-able Mail Assure appears to suffer from a cross-tenant authentication bypass vulnerability via spoofing. CVE-2025-68624: Cross-Tenant Authentication Bypass by Spoofing in N-able Mail Assure CVE ID: CVE-2025-68624 Status: DISPUTED CWE: CWE-290 Authentication Bypass by Spoofing Affected Product:...