MAL-2026-2664 Malicious code in buildenv-telemetry (PyPI)
Source: kam193 (e56999171c1a81c357cd2b0847497fac643313bd0252be55a1d03cd40be48c1d). Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
Malicious code in lanchain-openai (PyPI)
Source: kam193 (4c312361541ed240dabd6df1f9cb9ed856a718dc8c8881f43bbacb429807e303). Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
PT-2025-47408
Name of the Vulnerable Software and Affected Versions: Sound4 IMPACT (affected versions not specified). Description: The Sound4 IMPACT web-based management interface contains a flaw that allows for Remote Code Execution (RCE) through a specially crafted firmware update package. The system does not...
EUVD-2019-6174
Malware in sbrugna...
EUVD-2022-3683
Malicious code in bioql PyPI...
CVE-2025-10028
A vulnerability was identified in itsourcecode POS Point of Sale System 1.0. This affects an unknown part of the file /inventory/main/vendors/datatables/unittesting/templates/6776.php. Such manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. Th...
CVE-2024-46981
A flaw was found in the Redis server. This flaw allows an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution. Mitigation: A workaround to mitigate the problem without patching the redis-server executable is to...
CVE-2024-46981 Redis' Lua library commands may lead to remote code execution
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...
Low: redis6
Issue Overview: A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes with the potentially higher privileges of another Redis user. (CVE-2022-24735) A flaw was found in the Red...
SUSE CVE-2018-5097
A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...
SUSE CVE-2018-5127
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.7, Firefox ESR 52.7, and Firefox 59...
CVE-2022-24735 Lua scripts can be manipulated to overcome ACL rules in Redis
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...
CVE-2018-12392
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3...
Mozilla: Buffer overflow manipulating SVG animatedPathSegList (MFSA 2018-07)
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.7, Firefox ESR 52.7, and Firefox 59...
Mozilla: Use-after-free while manipulating form input elements (MFSA 2018-03)
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firefox 58...
CentOS 7 : tomcat (CESA-2016:2046) (httpoxy)
An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
IBM AIX eNetwork Firewall 3.2/3.3 Insecure Temporary File Creation Vulnerabilities
No description provided by source. Source: http://www.securityfocus.com/bid/287/info IBM's eNetwork Firewall for AIX contains a number of vulnerabilities in scripts which manipulate files insecurely. When the fwlsuser script is run, it creates a temporary file called /tmp/fwlsuser.PID where PID is the...