2987 matches found
CVE-2026-48240 Open ISES Tickets < 3.44.2 SQL Injection via ajax/statistics.php tick_id and f_tick_id Parameters
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tickid and ftickid POST parameters are concatenated into WHERE clauses of SELECT statements in the statistics rollup queries without sanitization. Authenticated attackers can craft requests tha...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021536)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021536 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: /proc/pid/smapsrollup: fix no vma's null-deref Commit 258f669e7e88 mm: /proc/pid/smapsrollup:...
2026-05 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 (KB5088860)
2026-05 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 KB5088860...
May 12, 2026—KB5087471 (Monthly Rollup)
None None...
May 12, 2026-Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 (KB5087062)
None None...
rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability
A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface CLI inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences ../...
rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability
A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface CLI inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences ../...
Malicious code in rollup-plugin-polyfill-route (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae32c5ba788989f856ede10fa991e6dafa8d9263b0f5fc7384c69fba97e41d4a The package rollup-plugin-polyfill-route was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview rollup-plugin-polyfill-route is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-3009 Malicious code in rollup-plugin-polyfill-route (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae32c5ba788989f856ede10fa991e6dafa8d9263b0f5fc7384c69fba97e41d4a The package rollup-plugin-polyfill-route was found to contain malicious code. Source: ghsa-malware...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013814)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013814 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: /proc/pid/smapsrollup: fix no vma's null-deref Commit 258f669e7e88 mm: /proc/pid/smapsrollup:...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013391)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013391 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: /proc/pid/smapsrollup: fix no vma's null-deref Commit 258f669e7e88 mm: /proc/pid/smapsrollup:...
SUSE-SU-2026:1524-1 Security update 5.1.3 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Internal changes to fix build issues with no impact for customers golang-github-prometheus-prometheus: - Security issues fixed: CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup bsc1258893 +...
2026-04 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 (KB5084069)
2026-04 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 KB5084069...
2026-04 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 for x64 (KB5084070)
2026-04 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 for x64 KB5084070...
April 14, 2026-Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 (KB5082400)
None None...
The vulnerability of the Rollup module extractor is related to incorrect restrictions on the path name to the catalog, allowing a perpetrator to execute arbitrary code.
The vulnerability of the Rollup module extractor is related to an incorrect limitation on the path name to the catalog. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-prometheus-prometheus: CVE-2026-27606: Fix arbitrary file write via path traversal in rollup bsc1258893 Bump rollup to version 4.59.0 Drop SLE 12 support jscPED-15474 CVE-2026-25547: Fix unbounded brace range expansion leading to excessive CPU...
Malicious Package
Overview rollup-plugin-polyfill-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in rollup-plugin-polyfill-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 985c6e7bc0975c513137b35a6dca07cf02aa2b87444716244933ca17d56c6bd2 The package rollup-plugin-polyfill-utils was found to contain malicious code. Source: ghsa-malware...