PT-2026-45406

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/update ss img.php. The manipulation of the argument topic id results in sql injection. The attack can be executed remotely. The exploit has been release...

PT-2026-45439

Name of the Vulnerable Software and Affected Versions LearnPress versions prior to 4.3.6 Description Improper neutralization of input during web page generation allows for Reflected Cross-Site Scripting XSS, a flaw where an application includes untrusted data in a web page without proper...

📄 Espanso 2.3.0 Configuration Injection

This Python script is a configuration manipulation tool for Espanso version 2.3.0 that modifies its YAML configuration file base.yml to add new text triggers capable of executing system commands via shell or script extensions...

CodeAstro Ingredients Stock Management System SQL Injection Vulnerability

The CodeAstro Ingredients Stock Management System is a inventory management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Ingredients Stock Management System has a SQL injection vulnerability. This vulnerability arises from incorrect operations with the parameter txtsearchcatego...

PT-2026-45492

Name of the Vulnerable Software and Affected Versions Vitest versions prior to 4.1.0 Description A flaw in the UI/API server on Windows allows remote attackers to bypass file access restrictions and read arbitrary files when the server is exposed to the network. The issue occurs because the API...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

Malicious Package

Overview @cloudplatform-single-spa/cloudia is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

Malicious Package

Overview @cloudplatform-single-spa/key-manager is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

Malicious Package

Overview @cloudplatform-single-spa/svp-lbaas is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

Malicious Package

Overview @cloudplatform-single-spa/corax is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

Malicious Package

Overview @cloudplatform-single-spa/virtual-ip is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

Malicious Package

Overview @cloudplatform-single-spa/svp-vm-migration is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

Malicious Package

Overview @cloudplatform-single-spa/ml-inference-docker-run is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...