1510 matches found
OPENSUSE-SU-2026:10853-1 libppsdocument4_0-6-50.1-2.1 on GA media
These are all security issues fixed in the libppsdocument4_0-6-50.1-2.1 package on the GA media of openSUSE Tumbleweed...
MAL-2026-3710 Malicious code in ethers-logger (npm)
Source: ossf-package-analysis 8f43ab2ac9caeed4f5dd0895f4da7d3a646038768f5d0024f443bb527fd1ad95 The OpenSSF Package Analysis project identified 'ethers-logger' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: sed: sed-4.10-1.hum1 aarch64, x86_64 sed-4.10-1.hum1.src src...
Malicious code in sparkling-sdk (npm)
Source: amazon-inspector 3a51b8dc4e5a69bd2a09d2bb1c705963de6b9513ff871237d21a5f6641abc0ac The package sparkling-sdk was found to contain malicious code. Source: ghsa-malware b0457cea0504e91fd51a3802d694a20e91fab0bf48731ae4a18c484eab349202...
CLEANSTART-2026-DK61762 filippo
Multiple security vulnerabilities affect the prometheus-mysqld-exporter package. filippo. See references for individual vulnerability details...
CVE-2026-30082
Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...
EUVD-2026-17095
Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...
PT-2026-29029
Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...
CVE-2026-30082
CVE-2026-30082 describes multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0. The issue allows an attacker to inject crafted payloads via the About application, What’s new, or Release note parameters to exe...
IngEstate Server Security Vulnerability
IngEstate Server is a real estate asset management and information service platform developed by IngEstate Server Inc. IngEstate Server v11.14.0 contains a security vulnerability. This vulnerability stems from an editing function on the software package list page that allows for stored cross-site...
CVE-2026-34387 Fleet vulnerable to OS command injection via crafted software package metadata in uninstall scripts
Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker to achieve arbitrary code execution as root (macOS/Linux) or SYSTEM (Windows) on managed hosts when an uninstall is triggered for a crafted...
Malicious code in nodecognivault (npm)
Source: amazon-inspector 7709482c6e8d04dee2a9310780eff8f0f31cb64800273088f08a5cd1a8570c0a The package nodecognivault was found to contain malicious code...
MAL-2026-2359 Malicious code in env-embed (npm)
Source: amazon-inspector fb6e9ae149bf8b69194b4ae8fea78a4f31cbd1c01a9f65a188c063380b5c1d34 The package env-embed was found to contain malicious code...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise, and malicious versions were released on npm. They contain malicious code, and its content was NOT yet...
SUSE: Security Advisory (SUSE-SU-2026:20581-1)
The remote host is missing an update for the...
OPENSUSE-SU-2026:10150-1 cockpit-subscriptions-14.4-2.1 on GA media
These are all security issues fixed in the cockpit-subscriptions-14.4-2.1 package on the GA media of openSUSE Tumbleweed...