36 matches found

OSSF Malicious Packages
added 2026/06/11 4:48 a.m. | 9 views

Malicious code in @sentry-internal-sdk/profiling-node (npm)

Source: amazon-inspector (c7951165844874f57819b0d63b8c8511e4e9217bf0f9231ec02f06cb6e059c47). Package name @sentry-internal-sdk/profiling-node impersonates the legitimate @sentry/profiling-node. Sentry publishes under the @sentry org; no...

5.5 AI score
Exploits: 0 | References: 2

NVD
added 2026/03/06 3:16 p.m. | 8 views

CVE-2026-2753

An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...

7.5 CVSS | 0.00451 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/20 7:39 p.m. | 6 views

CVE-2026-26336

Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories like WEB-INF via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files...

8.7 CVSS | 5.7 AI score | 0.00306 EPSS
Exploits: 1 | References: 1

CVE
added 2026/02/19 3:56 p.m. | 25 views

CVE-2026-26336

CVE-2026-26336 affects Hyland Alfresco. Unauthenticated attackers can read arbitrary files from protected directories (e.g., WEB-INF) via the /share/page/resource/ endpoint, causing disclosure of sensitive configuration files. The issue stems from improper access control on the resource endpoint,...

8.7 CVSS | 5.7 AI score | 0.00306 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Packet Storm
added 2026/02/17 12:0 a.m. | 260 views

n8n Workflow Automation Remote Configuration / Admin Data Extraction

This Metasploit module exploits multiple vulnerabilities in n8n workflow automation tool. It leverages a file read vulnerability to steal encryption keys and database, then uses stolen credentials to authenticate and execute arbitrary commands via the Execute Command node...

10 CVSS | 9 AI score | 0.71647 EPSS
Exploits: 18

Cvelist
added 2026/02/03 10:1 p.m. | 29 views

CVE-2020-37088 School ERP Pro 1.0 - Arbitrary File Read

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system...

8.7 CVSS | 0.02564 EPSS
Exploits: 1 | References: 4

RedhatCVE
added 2026/01/04 10:5 p.m. | 7 views

CVE-2025-34171

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...

6.9 CVSS | 6.5 AI score | 0.00548 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-21741

Malicious code in bioql PyPI...

8.7 CVSS | 6.6 AI score | 0.01149 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-50133

Malicious code in bioql PyPI...

6.5 CVSS | 6.9 AI score | 0.00893 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2025/07/18 9:58 p.m. | 10 views

CVE-2025-34130

An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...

8.7 CVSS | 7.9 AI score | 0.01149 EPSS
Exploits: 0 | References: 1

CVE
added 2025/07/16 9:26 p.m. | 17 views

CVE-2025-34130

CVE-2025-34130 affects LILIN Digital Video Recorder (DVR) devices up to firmware version 2.0b60_20200207. An unauthenticated arbitrary file read via the endpoint /z/zbin/net_html.cgi allows reading sensitive files such as /zconf/service.xml, enabling further attacks including command injection. ...

8.7 CVSS | 7.3 AI score | 0.01149 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2025/07/16 9:26 p.m. | 4 views

CVE-2025-34130 LILIN DVR Arbitrary File Read via net_html.cgi

An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...

8.7 CVSS | 7.8 AI score | 0.01149 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2025/06/03 4:15 p.m. | 3 views

CVE-2025-25022

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files...

9.6 CVSS | 7.4 AI score | 0.00291 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

OSV
added 2025/06/03 4:15 p.m. | 5 views

CVE-2025-25022

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files...

8.8 CVSS | 7.5 AI score | 0.00291 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/04 10:36 p.m. | 6 views

CVE-2024-8539

Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files...

7.1 CVSS | 6.3 AI score | 0.00215 EPSS
Exploits: 0 | References: 1

CVE
added 2024/11/12 4:11 p.m. | 46 views

CVE-2024-8539

CVE-2024-8539: Ivanti Secure Access Client is affected by improper authorization that allows a local authenticated attacker to modify sensitive configuration files. Affected software: Ivanti Secure Access Client prior to version 22.7R3. Impact: local privilege via manipulation of configuration f...

7.1 CVSS | 6.4 AI score | 0.00215 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/11/08 12:0 a.m. | 16 views

CVE-2024-44765

An Improper Authorization Access Control Misconfiguration vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality...

7 AI score | 0.00652 EPSS
Exploits: 1 | References: 2

NCSC
added 2024/10/09 11:21 a.m. | 3 views

Vulnerability fixed in Ivanti Endpoint Manager Mobile

Ivanti has fixed a vulnerability in Endpoint Manager Mobile. A locally authenticated malicious party could exploit the vulnerability to obtain read and write permissions to sensitive configuration files. Ivanti has released updates to fix the vulnerability in Endpoint Manager Mobile. See the...

8.8 CVSS | 6.6 AI score | 0.00241 EPSS
Exploits: 0 | References: 1

NVD
added 2024/10/08 5:15 p.m. | 23 views

CVE-2024-7612

Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components...

8.8 CVSS | 0.00241 EPSS
Exploits: 0 | References: 1

CVE
added 2024/10/08 4:17 p.m. | 60 views

CVE-2024-7612

Ivanti EPMM (Endpoint Manager Mobile, formerly MobileIron Core) prior to version 12.1.0.4 is affected by an insecure permissions issue that allows a locally authenticated attacker to modify sensitive application components and configuration files. Core impact is high, including potential read/wri...

8.8 CVSS | 8.4 AI score | 0.00241 EPSS
Exploits: 0 | References: 1 | Affected Software: 1