362689 matches found
[SECURITY] Fedora 43 Update: attr-2.6.0-1.fc43
A set of tools for manipulating extended attributes on filesystem objects, in particular getfattr1 and setfattr1. An attr1 command is also provided which is largely compatible with the SGI IRIX tool of the same name...
Malicious code in fast-dotenv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cc334bd438168239b92c3ca3bbaaeeeab56e9b325efa8e7be20ef87356e4f638 When using the library, it schedules a delayed malware activation. Malicious code contacts remote URLs to get C2 location, then performs machine fingerprinting...
Malicious code in pipspeed (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1037d713fe94f92e9f1302a1c8fdfcd03ee290e1f2076e7c01cbd1305499e91 The package's advertised public entry point pipspeed.optimize GETs a JSON document from https://www.jsonkeeper.com/b/53XMN an anonymous, mutable past...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2025-24813 Apache Tomcat - Remote Code Execution via Sessi...
Exploit for Deserialization of Untrusted Data in Apache Camel
camel-jms Forged DefaultExchangeHolder Filter-Bypass Reproduce...
CVE-2026-56271
Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...
CVE-2026-56260
Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...
CVE-2026-56271 Flowise - Weak Default JWT Secrets in Authentication Middleware
Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...
CVE-2026-56271
Flowise prior to 3.1.0 (versions
EUVD-2026-43228
Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...
CVE-2026-56260 Crawl4AI - Arbitrary File Write via output_path Parameter
Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...
CVE-2026-56260
CVE-2026-56260 affects Crawl4AI
EUVD-2026-43227
Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...
Malicious code in jupiter-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8e0901ca45da110106c60f288b0166fc51c348a44569d7e7ff22af3d19deafe On import jupitersdk, the package's top-level init.py fetches a payload over HTTPS from a public IPFS gateway...
Malicious code in eth-agent (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3131490d64c4ae90de2926ca90f6fce23e6a113d1e6538db5ce98ffcf06983d1 The top-level ethagent/init.py performs an outbound HTTP fetch to a hardcoded IPFS gateway URL...
Malicious code in metemask-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a99855c93b46f7b996a005065c319bbb24c9d1f497d05dfd38fc83d1b21facdd metemask-sdk is a typosquat of the legitimate metamask-sdk package. On import, the top-level init.py performs an outbound HTTP fetch to...
Exploit for Deserialization of Untrusted Data in Apache Camel
camel-hazelcast Default-Instance Unsafe Deserialization Reprod...
Exploit for CVE-2026-4631
CVE-2026-4631 — Cockpit Mass Exploit Tool Unauthenticated...
Exploit for Improper Authentication in Cisco Catalyst_Sd-Wan_Manager
Executive Summary The CVE-2026-20127 Defensive Companion is a...
WP Content Copy Protection & No Right Click - Open Redirect
The WP Content Copy Protection & No Right Click plugin before version 15.3 contains an open-redirect vulnerability via the referrer parameter in no-js.php, allowing redirection of users to external sites. id: CVE-2024-6690 info: name: WP Content Copy Protection & No Right Click - Open Redirect...