31090 matches found
MAL-2026-6231 Malicious code in improvado-layout-panel-metrics (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61cc6b0b5d5efe4675f4159e8bc8f6380970614c1dc36b553207fa73fa66104e The package's top-level fluentpanelmetrics/init.py defines bootstrapruntimeprofile and unconditionally invokes it at import. The function opens a TCP...
Malicious code in improvado-layout-panel-metrics (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61cc6b0b5d5efe4675f4159e8bc8f6380970614c1dc36b553207fa73fa66104e The package's top-level fluentpanelmetrics/init.py defines bootstrapruntimeprofile and unconditionally invokes it at import. The function opens a TCP...
CVE-2026-49260
PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, pontedilana/php-weasyprint builds the shell command for WeasyPrint by passing the binary path through escapeshellarg first and then checking the quoted result with isexecutable. On POSIX...
CVE-2026-49260
CVE-2026-49260 affects PhpWeasyPrint prior to 2.5.1. The vulnerability arises from building the WeasyPrint command by passing the binary path through escapeshellarg() and then validating the quoted result with is_executable(); on POSIX systems this makes the bin path string contain quotes, causin...
CVE-2026-49260
PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, pontedilana/php-weasyprint builds the shell command for WeasyPrint by passing the binary path through escapeshellarg first and then checking the quoted result with isexecutable. On POSIX...
MAL-2026-6227 Malicious code in new-ts-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3721ae4cecdfa22793382d07d28a25ba5fabd54ac405cb94e642a1f96faee80 index.js imports childprocess and at lines 101 and 117 invokes execSync to run bash and zsh commands. Lines 9, 194, and 195 use Buffer.from...,...
Malicious code in new-ts-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3721ae4cecdfa22793382d07d28a25ba5fabd54ac405cb94e642a1f96faee80 index.js imports childprocess and at lines 101 and 117 invokes execSync to run bash and zsh commands. Lines 9, 194, and 195 use Buffer.from...,...
MAL-2026-6191 Malicious code in node-slot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91f23a964fca4e1984aecce2dbc51fc6bfa1ffe77725ee5f0e8d2f7a5c5514d8 node-slot 1.0.7 contacts https://datasecure-service.vercel.app/api/v1 to retrieve scan and block patterns, then walks the user's home directory or...
Malicious code in node-slot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d71bcdec983467ab6a47b538e524abc1cdafc98b411761bffb375be17d72009 On npm install, package.json's postinstall hook executes node test.js which invokes code in index.js that performs two distinct attacks on the...
MAL-2026-6188 Malicious code in eslint-helper-1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfadd6e70cf70ee03d7aae8bfcaa916d29073c5e09ca614bfcb4538c3efc1832 Package masquerades as an ESLint helper but contains code in index.js that decodes base64 blobs through Buffer.from..., 'base64'.toString and pipes t...
Malicious code in eslint-helper-1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfadd6e70cf70ee03d7aae8bfcaa916d29073c5e09ca614bfcb4538c3efc1832 Package masquerades as an ESLint helper but contains code in index.js that decodes base64 blobs through Buffer.from..., 'base64'.toString and pipes t...
MAL-2026-6190 Malicious code in mjs-eslint-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3320fa37492448acdf24a86f8a8735a3fc4d3b329ad156e299a8089df39e2f28 The package decodes base64 string literals via Buffer.from..., 'base64'.toString and pipes the resulting content into execSync'bash...' and...
Malicious code in mjs-eslint-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3320fa37492448acdf24a86f8a8735a3fc4d3b329ad156e299a8089df39e2f28 The package decodes base64 string literals via Buffer.from..., 'base64'.toString and pipes the resulting content into execSync'bash...' and...
Malicious code in fluent-panel-metrics (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95598f66d3e0a4ecbfe9dcd01c1d5f0be9b78bee23b200758a92dac8f8a00d9e fluentpanelmetrics/init.py defines bootstrapruntimeprofile and invokes it unconditionally at module load. The function opens a TCP socket to the...
MAL-2026-6182 Malicious code in fluent-panel-metrics (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95598f66d3e0a4ecbfe9dcd01c1d5f0be9b78bee23b200758a92dac8f8a00d9e fluentpanelmetrics/init.py defines bootstrapruntimeprofile and invokes it unconditionally at module load. The function opens a TCP socket to the...
EUVD-2026-37959
PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approvalmode to auto, overriding administrator configuration from PRAISONAPPROVALMODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...
PT-2026-50965
Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.5.1 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The software contains a shell command injection flaw occurring when the binary path for WeasyPrint is processed...
CVE-2026-56075
PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approvalmode to auto, overriding administrator configuration from PRAISONAPPROVALMODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...
CVE-2026-56075
PrasionAI before 4.5.128 contains an arbitrary shell command execution vulnerability in which UI modules hardcode approval_mode to auto, overriding the PRAISON_APPROVAL_MODE environment variable. This allows authenticated attackers to instruct the LLM agent to run arbitrary commands via subproces...
CVE-2026-56075 PraisonAI - Arbitrary Shell Command Execution via Hardcoded Approval Mode Override
PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approvalmode to auto, overriding administrator configuration from PRAISONAPPROVALMODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...