256843 matches found
Malicious code in cipherflow (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 281ede3c5b3181c2df22a4b32a01453a51ac389a1dfe8bde69d53821cbaf20d4 cipherflow advertises itself as a zero-dependency pure-Python AES/DES library, but cipherflow/environ.py contains a multi-layer-obfuscated payload th...
EUVD-2026-36932
Editor Remote Code Execution RCE in Responsive Slider by MetaSlider = 3.106.0 versions...
EUVD-2026-36757
Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...
EUVD-2026-36759
An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component...
EUVD-2026-36743
remotion-dev remotion v4.0.409 was discovered to contain a remote code execution RCE vulnerability...
CVE-2026-48836
Unauthenticated Remote Code Execution RCE in Easy Invoice = 2.1.19 versions...
CVE-2026-39465
Editor Remote Code Execution RCE in Responsive Slider by MetaSlider = 3.106.0 versions...
CVE-2026-48017 DbGate: Remote Code Execution via functionName injection in loadReader endpoint
DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user with basic access, ...
CVE-2026-48017
Summary (CVE-2026-48017) DbGate
CVE-2026-48836 WordPress Easy Invoice plugin <= 2.1.19 - Remote Code Execution (RCE) vulnerability
Unauthenticated Remote Code Execution RCE in Easy Invoice = 2.1.19 versions...
EUVD-2026-36844
Unauthenticated Remote Code Execution RCE in Easy Invoice = 2.1.19 versions...
CVE-2026-48836
The CVE-2026-48836 entry concerns the WordPress Easy Invoice plugin (versions ≤ 2.1.19) with an unauthenticated Remote Code Execution (RCE) vulnerability. According to connected sources, an RCE exists in Easy Invoice up to 2.1.19; the Patchstack listing notes a critical CVSS 3.1 vector (AV:N/AC:L...
CVE-2026-39465 WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - Remote Code Execution (RCE) vulnerability
Editor Remote Code Execution RCE in Responsive Slider by MetaSlider = 3.106.0 versions...
CVE-2026-39465
CVE-2026-39465 : The WordPress plugin Responsive Slider by MetaSlider (versions
CVE-2026-53705
A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...
DEBIAN-CVE-2026-53705
A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...
CVE-2026-52720
A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...
CVE-2026-38329
Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...
CVE-2026-30120
remotion-dev remotion v4.0.409 was discovered to contain a remote code execution RCE vulnerability...
Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE
Summary Vitest Browser Mode exposes a cdp API that forwards raw Chrome DevTools Protocol CDP methods over the Vitest browser WebSocket RPC. CDP is not gated by browser.api.allowWrite, browser.api.allowExec, api.allowWrite, or api.allowExec. As a result, disabling Browser Mode write and exec...