733225 matches found
RHEL 9 : .NET 8.0 (RHSA-2026:28011)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28011 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2026-1869)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1869 advisory. Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Improper link resolution before file access 'link following' in .NET allows an...
RHEL 10 : .NET 9.0 (RHSA-2026:28009)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28009 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
📄 Sprecher Automation SPRECON-E-C/-E-P/-E-T3 Missing Secure-Boot / Static Passwords
Sprecher Automation SPRECON-E-C/-E-P/-E-T3 leaks the firmware signing private key, is missing a secure-boot mechanism, has unencrypted flash memory, use of static passwords, and hard-coded vendor accounts. SEC Consult Vulnerability Lab Security Advisory...
📄 Worksnaps.net Worksnaps Hardcoded Root Cloud Credentials
Silver Leaf Technologies - Worksnaps.net Worksnaps suffers from a hardcoded credential vulnerability. Several application binaries contained hardcoded credentials, such as AWS access keys and S3 bucket names, which granted access to the production environment. Those hardcoded AWS cloud credential...
📄 PHP 8.5.7 mb_substr() Underflow
PHP version 8.5.7 suffers an underflow condition that can be exploited to trigger a denial of service condition. PHP 8.5.7 mbsubstr 'SJIS-mac' sizet underflow Author: Khashayar Fereidani Disclosure Date: 2026-06-18 Advisory: https://fereidani.com/php-857-mbsubstr-sjis-mac-sizet-underflow Contact:...
SUSE SLES15 Security Update : kubernetes-old (SUSE-SU-2026:2460-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2460-1 advisory. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265747. -...
Malicious code in hyperpure-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47dd43b980c7b5e3230ee57e6974d40804e54997ed88877ced301402dbcdef4c Package impersonates a Zomato internal namespace name hyperpure-core, repository URL pointing to github.com/zomato/hyperpure-core while shipping a...
MAL-2026-6250 Malicious code in hyperpure-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47dd43b980c7b5e3230ee57e6974d40804e54997ed88877ced301402dbcdef4c Package impersonates a Zomato internal namespace name hyperpure-core, repository URL pointing to github.com/zomato/hyperpure-core while shipping a...
create-poc-template-skills
create-poc-template 中文 A skill for AI coding...
Malicious code in zomato-sushi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f631d7af366bbb607f9088550a64939e395d0ce1199777828269de5772d860c package.json declares a preinstall script that runs curl with form-encoded fields carrying the installer's hostname hostname -f, whoami, current...
MAL-2026-6254 Malicious code in zomato-sushi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f631d7af366bbb607f9088550a64939e395d0ce1199777828269de5772d860c package.json declares a preinstall script that runs curl with form-encoded fields carrying the installer's hostname hostname -f, whoami, current...
Malicious code in zomato-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3dccb8b8b32337c2a257a763c273e03367ec07c904b5db0c07dbf514d546709d On npm install, the package's preinstall lifecycle script in package.json runs curl to POST the installer's hostname, current user whoami, working...
MAL-2026-6252 Malicious code in zomato-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3dccb8b8b32337c2a257a763c273e03367ec07c904b5db0c07dbf514d546709d On npm install, the package's preinstall lifecycle script in package.json runs curl to POST the installer's hostname, current user whoami, working...
Exploit for Infinite Loop in Pypdf_Project Pypdf
CVE-2026-24688 - pypdf - Circular Reference DoS Vulnerability...
Exploit for Improper Input Validation in N8N
CVE-2026-21858 + CVE-2025-68613 - n8n Full Chain Unauthenti...
Exploit for Eval Injection in Xwiki
CVE-2025-24893 - XWiki Unauthenticated RCE Exploit POC ⚠️ U...
elevate-kit
elevate-kit Local privilege escalation enumeration scripts fo...
Malicious code in jsonschema-viewer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3692022b4caf5ac51d868aaae58e793520ac3bd36703841eb615942baf85bb87 The package's only function — main in src/jsonschemaviewer/main.py, registered as the jsonschema-viewer console script — invokes os.system to fetch a...
MAL-2026-6248 Malicious code in jsonschema-viewer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3692022b4caf5ac51d868aaae58e793520ac3bd36703841eb615942baf85bb87 The package's only function — main in src/jsonschemaviewer/main.py, registered as the jsonschema-viewer console script — invokes os.system to fetch a...