163 matches found
EUVD-2026-32646
When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBinLoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not prese...
Malicious code in events-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5482b17f0abd8f4ae8fed4fa5c53ea035a15b252efec406ae65dfe3365a7412 [email protected] impersonates the events EventEmitter polyfill README and Travis badge copied verbatim from browserify/events and ships a...
PT-2026-37277
Name of the Vulnerable Software and Affected Versions: Grav versions prior to 2.0.0-beta.2. Description: A low-privileged user with page creation permissions can perform stored Cross-Site Scripting (XSS) by injecting an svg element. This occurs because the XSS filter in the detectXss function uses a...
InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise
Targeting multiple industries worldwide, the InstallFix campaign uses fake Claude AI installer pages to trick users into running malware that collects system information, disables security features, achieves persistence, and connects to attacker-controlled C&C servers for additional payloads...
CVE-2026-7698
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Atom Integrated System Info v22 for DCN35 New request from KMD/VBIOS in order to support new UMA carveout model. This fixes a null dereference from accessing Ctx-dcbios-integratedinfo while it was NULL. DAL parse...
EUVD-2026-26836
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...
CVE-2026-7698 Tiandy Easy7 Integrated Management Platform updateDbBackupInfo os command injection
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...
MAL-2026-1382 Malicious code in @immuta/flag-providers-web (npm)
Malicious package due to data exfiltration, command execution, and suspicious install scripts. Gathers system info and sends it to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 041967637fd096ee4ba0091769b628c2c7da4bd4a60f38a6b4e3ba5cea9cf788 T...
CVE-2026-2693
A vulnerability was determined in CoCoTeaNet CyreneAdmin up to 1.3.0. This vulnerability affects unknown code of the file /api/system/dashboard/getCount of the component System Info Endpoint. Executing a manipulation can lead to improper authorization. The attack can be launched remotely. The...
CVE-2026-2693 CoCoTeaNet CyreneAdmin System Info Endpoint getCount improper authorization
A vulnerability was determined in CoCoTeaNet CyreneAdmin up to 1.3.0. This vulnerability affects unknown code of the file /api/system/dashboard/getCount of the component System Info Endpoint. Executing a manipulation can lead to improper authorization. The attack can be launched remotely. The...
CVE-2026-2693
CVE-2026-2693 affects CoCoTeaNet CyreneAdmin up to version 1.3.0. The vulnerability resides in the System Info Endpoint component, specifically /api/system/dashboard/getCount, where improper authorization can be exploited. The issue can be triggered remotely over the network, and public disclosur...
CVE-2026-2693 CoCoTeaNet CyreneAdmin System Info Endpoint getCount improper authorization
A vulnerability was determined in CoCoTeaNet CyreneAdmin up to 1.3.0. This vulnerability affects unknown code of the file /api/system/dashboard/getCount of the component System Info Endpoint. Executing a manipulation can lead to improper authorization. The attack can be launched remotely. The...
CVE-2025-14667
A security vulnerability has been detected in itsourcecode COVID Tracking System 1.0. The impacted element is an unknown function of the file /admin/?page=systeminfo. Such manipulation of the argument metavalue leads to sql injection. The attack may be performed from remote. The exploit has been...
PT-2025-51169
Name of the Vulnerable Software and Affected Versions: itsourcecode COVID Tracking System version 1.0. Description: A security issue exists in itsourcecode COVID Tracking System version 1.0. The issue involves a SQL injection that can be triggered by manipulating the meta value argument in the file...
MAL-2025-48689 Malicious code in hyatt-album (npm)
Malicious package performs system info exfiltration and arbitrary code execution via install scripts, and has a suspicious version number. The package communicates with a domain associated with malicious activity...
EUVD-2020-29293
Malware in sbrugna...
EUVD-2021-11900
Malware in sbrugna...
EUVD-2024-36249
Malicious code in bioql PyPI...
EUVD-2022-35231
Malicious code in bioql PyPI...