22 matches found

OSSF Malicious Packages
added 2026/06/11 2:51 a.m. | 8 views

Malicious code in @my_name_is_khn/express-security-tool-v1 (npm)

Source: amazon-inspector 0e77b441acf56551e84d7dcac2da89dd7f287f6c0a6c028c669d78a90e6c58d3 On npm install, the package's postinstall script scripts/inject.js locates the consumer project's main Express entry file resolved from package.json...

5.6 AI score
Exploits: 0 | References: 1
OSV
added 2026/06/11 2:51 a.m. | 8 views

MAL-2026-5550 Malicious code in @my_name_is_khn/express-security-tool (npm)

Source: amazon-inspector 6b7e17fc1e874d13547ace24c7b21593ce1eb13337d0d877a89c7a372974ee42 On npm install, the package's postinstall hook scripts/inject.js locates the installer's host project root, identifies the main entry file index.js,...

5.6 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2026/06/11 2:51 a.m. | 9 views

Malicious code in @my_name_is_khn/express-security-tool (npm)

Source: amazon-inspector 6b7e17fc1e874d13547ace24c7b21593ce1eb13337d0d877a89c7a372974ee42 On npm install, the package's postinstall hook scripts/inject.js locates the installer's host project root, identifies the main entry file index.js,...

5.6 AI score
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/15 7:57 p.m. | 7 views

CVE-2026-45053

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in the REST API File Manager endpoint POST /api/v1/files of CubeCart. The endpoint allows any holder of an API key with files:rw permission to upload PHP source files into the...

9.1 CVSS | 5.8 AI score | 0.00585 EPSS
Exploits: 0 | References: 1
SUSE CVE
added 2026/04/10 11:25 p.m. | 4 views

SUSE CVE-2026-39977

flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using g_file_resolve_relative_path and...

7.1 CVSS | 5.9 AI score | 0.00288 EPSS
Exploits: 1 | References: 3
OSV
added 2026/04/08 2:23 p.m. | 4 views

HSEC-2026-0006 Cabal deletes project source files during configure

Cabal deletes project source files during configure The checkDuplicateHeaders function in Distribution.Simple.Configure removes header files from the source directory when a header with the same name exists in both the build directory and the source directory. This behavior was introduced in comm...

5.8 AI score
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/29 3:18 p.m. | 6 views

CVE-2025-59897

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.4 CVSS | 5.9 AI score | 0.00173 EPSS
Exploits: 0 | References: 1
OSV
added 2026/01/28 12:15 p.m. | 1 view

CVE-2025-59897

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.4 CVSS | 5.8 AI score | 0.00173 EPSS
Exploits: 0 | References: 1
NVD
added 2026/01/28 12:15 p.m. | 4 views

CVE-2025-59897

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.4 CVSS | 0.00173 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/28 11:58 a.m. | 4 views

CVE-2025-59897

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1 CVSS | 5.9 AI score | 0.00173 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
Vulnrichment
added 2026/01/28 11:58 a.m. | 4 views

CVE-2025-59897 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1 CVSS | 5.9 AI score | 0.00173 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/01/28 11:58 a.m. | 3 views

EUVD-2025-206497

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1 CVSS | 5.9 AI score | 0.00173 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/01/28 12:0 a.m. | 4 views

Flexense Sync Breeze Enterprise Server and Flexense Disk Pulse Enterprise have cross-site scripting vulnerabilities

Flexense Sync Breeze Enterprise Server and Flexense Disk Pulse Enterprise are both products of Flexense Corporation. Flexense Sync Breeze Enterprise Server is a network file synchronization software. Flexense Disk Pulse Enterprise is a real-time file system monitoring software. Both the Flexense...

5.4 CVSS | 5.7 AI score | 0.00173 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2024/11/05 4:9 a.m. | 3 views

Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...

4.7 CVSS | 7.2 AI score | 0.00287 EPSS
Exploits: 0 | References: 5
SUSE CVE
added 2023/02/22 2:55 a.m. | 4 views

SUSE CVE-2022-48339

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell...

7.3 CVSS | 8.7 AI score | 0.01176 EPSS
Exploits: 0 | References: 7
Fedora
added 2022/05/28 1:16 a.m. | 31 views

[SECURITY] Fedora 36 Update: kernel-tools-5.17.11-300.fc36

This package contains the tools/ directory from the kernel source and the supporting documentation...

7 CVSS | 1.9 AI score | 0.0031 EPSS
Exploits: 0
Fedora
added 2019/08/11 1:43 a.m. | 55 views

[SECURITY] Fedora 29 Update: kernel-tools-5.2.7-100.fc29

This package contains the tools/ directory from the kernel source and the supporting documentation...

5.6 CVSS | 1.9 AI score | 0.04521 EPSS
Exploits: 4
CNVD
added 2018/03/15 12:0 a.m. | 2 views

open build service information disclosure vulnerability

The open build service is a general-purpose system for building and distributing packages from source code in an automated, consistent and repeatable manner. A security vulnerability exists in the bsworker code in versions of open build service prior to 20170320. An attacker can exploit the...

7.5 CVSS | 6.9 AI score | 0.01167 EPSS
Exploits: 0 | References: 1
NVD
added 2018/03/01 8:29 p.m. | 23 views

CVE-2017-5188

The bsworker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information...

7.5 CVSS | 6.3 AI score | 0.01167 EPSS
Exploits: 0 | References: 3
Prion
added 2014/07/22 2:55 p.m. | 11 views

Design/Logic Flaw

Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/...

7.5 CVSS | 8.2 AI score | 0.08483 EPSS
Exploits: 1 | References: 2