browserstack-tape-runner (>=1.0.0 <=3.0.0), duplo (>=1.6.11 <=1.9.1) +4 more potentially affected by CVE-2026-49143 via browserstack-runner (>=0.2.1 <=0.9.4)

browserstack-runner NPM version =0.2.1, =1.0.0, =1.6.11, =0.1.4, =0.1.1, =2.0.2 - run-browserstack-tests =1.0.2 - yasmf-localization =0.0.2 Source cves: CVE-2026-49143 Source advisory: OSV:GHSA-6VR3-7WCX-V5G5...

Malcontent security vulnerabilities

Malcontent is a supply chain attack detection tool developed by Chainguard. Versions of Malcontent prior to 1.20.3 contained a security vulnerability. This vulnerability stemmed from the possibility of creating symbolic links outside of the expected extraction directories when scanning specially...

CVE-2025-59469

This vulnerability allows a Backup or Tape Operator to write files as root...

CVE-2020-7201

A potential security vulnerability has been identified in the HPE StoreEver MSL2024 Tape Library and HPE StoreEver 1/8 G2 Tape Autoloaders. The vulnerability could be remotely exploited to allow Cross-site Request Forgery CSRF...

CVE-2020-7605

gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options...

CVE-2025-55125

This vulnerability allows a Backup or Tape Operator to perform remote code execution RCE as root by creating a malicious backup configuration file...

CVE-2025-55125

This vulnerability allows a Backup or Tape Operator to perform remote code execution RCE as root by creating a malicious backup configuration file...

PT-2026-1822

Name of the Vulnerable Software and Affected Versions Veeam Backup & Recovery versions prior to 13.0 Description The issue allows a Backup or Tape Operator to write files as root, leading to potential privilege escalation. Multiple reports indicate this is a critical security concern...

Security Bulletin: TS4500 Tape Library/Diamondback Tape Library addresses security vulnerability CVE-2025-36239

Summary The Web UI page that prompts a user to change their expired password was vulnerable to cross-site scripting XSS, because a URL parameter was used directly in HTML output without sanitization. An authenticated user with access to this page could inject arbitrary JavaScript. The impact was...

EUVD-2012-5650

Malware in sbrugna...

EUVD-2014-2981

Malware in sbrugna...

EUVD-2004-2134

Malware in sbrugna...

EUVD-2011-1379

Malware in sbrugna...

EUVD-2016-9830

Malware in sbrugna...

EUVD-2007-1442

Malware in sbrugna...

EUVD-2012-1854

Malware in sbrugna...

EUVD-2021-1229

Malware in sbrugna...

EUVD-2017-7802

Malware in sbrugna...

Security Bulletin: TS4500 Tape Library/Diamondback Tape Library addresses security vulnerability CVE-2024-43192

Summary Certain HTML forms in the web GUI did not use anti-CSRF tokens, allowing attackers to trick authenticated users into performing unintended actions. The issue has been resolved by adding CSRF protection to the affected forms. Vulnerability Details CVEID:CVE-2024-43192 DESCRIPTION: IBM...

Security Bulletin: TS4500 Tape Library/Diamondback Tape Library addresses security vulnerability CVE-2021-23450

Summary The tape library web GUI used an outdated version of the JavaScript library dojo.js containing a prototype pollution vulnerability. This could potentially be leveraged to facilitate XSS attacks in the browser, or, if executed server-side, to enable remote code execution. The issue has bee...