Malicious Package

Overview opensearch-setup-tool is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

PT-2026-45073

Name of the Vulnerable Software and Affected Versions Apache Solr versions 9.4.0 through 9.10.1 Apache Solr version 10.0.0 Description The Basic Authentication setup tool bin/solr auth enable contains hardcoded credentials. This allows a remote attacker to gain full administrative access to the...

CVE-2026-4192

A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and m...

Quip MCP Server 命令注入漏洞

Quip MCP Server is a documentation-based server developed by AvinashBole. Version 1.0.0 of Quip MCP Server has a command injection vulnerability, which stems from incorrect operations on the function setupToolHandlers in the file src/index.ts, potentially leading to command injection...

CVE-2026-4192 AvinashBole quip-mcp-server index.ts setupToolHandlers command injection

A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and m...

CVE-2026-4192

The CVE-2026-4192 entry concerns AvinashBole quip-mcp-server 1.0.0, where the function setupToolHandlers in src/index.ts is vulnerable to command injection. The vulnerability is described as exploitable remotely, with the exploit publicly disclosed and the project reportedly not responding to the...

CVE-2026-4192 AvinashBole quip-mcp-server index.ts setupToolHandlers command injection

A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and m...

PT-2026-25567

A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and m...

EUVD-2016-8033

Malware in sbrugna...

EUVD-2017-2474

Malware in sbrugna...

EUVD-2017-2469

Malware in sbrugna...

EUVD-2021-14182

Malware in sbrugna...

EUVD-2005-0595

Malware in sbrugna...

SUSE CVE-2005-4772

liby2util in Yet another Setup Tool YaST in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013...

Schneider Electric PowerLogic ION Setup 安全漏洞

Schneider Electric PowerLogic ION Setup is a free, user-friendly configuration tool from Schneider Electric France. It provides an intuitive environment for setting up and verifying the settings of PowerLogic meters and other devices. A security vulnerability exists in Schneider Electric that ste...

CVE-2021-27428

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without...

Information Disclosure

productsgenericsetup is vulnerable to information disclosure. The vulnerability exists because the function ensureSnapshotsFolder does not tighten the permissions for access control on setup tool log files and snapshot files and folders, allowing anonymous visitors to view log and snapshot files...

GHSA-JFF3-MWP3-F8CW Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup

Impact What kind of vulnerability is it? Who is impacted? Information disclosure vulnerability - anonymous visitors may view log and snapshot files generated by the Generic Setup Tool. Patches Has the problem been patched? What versions should users upgrade to? The problem has been fixed in versi...

Updated gdm packages fix a security vulnerability

Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user...

USN-4614-1 gdm3 vulnerability

Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user...