MAL-2026-4453 Malicious code in @tarojs/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59b4e6cd0fe6bd16c6fb2bd04e6542a2a3052182d8815a08b124df56f2d9fde2 On npm install, the package's postinstall script performs a reachability GET to https://taro.jd.com/ and, on success, invokes the package's own...

Authorization Bypass

Jenkins OpenTelemetry Plugin is vulnerable to Authorization Bypass. The vulnerability is due to the plugin allows users with only Overall/Read permission to invoke functionality that connects to attacker-specified URLs using attacker-controlled credential IDs, and enables attackers to capture or...

CVE-2025-58460

A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2025-58460

A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2025-58460

A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=1.1.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=1.0.0 <=5.2.1) +12 more potentially affected by CVE-2025-46827 via org.graylog2:graylog2-server (>=1.0.0-beta.3 <=6.0.13)

org.graylog2:graylog2-server MAVEN version =1.0.0-beta.3, =1.1.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =2.2.0, =1.1.0, =2.2.0, =2.2.0, =1.0.3, =1.0.0, =1.2.0, =1.3.4 Source cves: CVE-2025-46827 Source advisory: OSV:GHSA-76VF-MPMX-777J...

The vulnerability in the /plugins/playbooks/api/v0/telemetry/run component of the application for instant messaging in Mattermost allows a malicious user to gain unauthorized access to information about AD/LDAP users.

The vulnerability of the /plugins/playbooks/api/v0/telemetry/run/ component in the Mattermost instant messaging application is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to user...

com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (=1.0.0), com.airbus-cyber-security.graylog:graylog-plugin-logging-alert (>=1.0.0 <=1.0.1) +8 more potentially affected by CVE-2018-11651 via org.graylog2:graylog2-server (>=1.0.0-beta.3 <=2.4.3)

org.graylog2:graylog2-server MAVEN version =1.0.0-beta.3, =1.0.0, =1.0.2, =2.2.0, =1.1.0, =2.2.0, =2.2.0, =1.0.3, =1.0.0, =1.2.0, =1.3.4 Source cves: CVE-2018-11651 Source advisory: OSV:GHSA-435G-R2M8-GJVM...