193 matches found
CVE-2026-31985 Disabled and non-configurable TLS certificate validation in n2os-tui when connecting the Remote Collector to a Guardian or CMC, in Remote Collector before v26.2.0
When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...
[SECURITY] Fedora 44 Update: podman-tui-1.11.3-1.fc44
podman-tui is a terminal user interface for Podman. podman-tui is using podman.socket service to communicate with podman environm ent and SSH to connect to remote podman machines...
Disabled and non-configurable TLS certificate validation in n2os-tui when connecting the Remote Collector to a Guardian or CMC, in Remote Collector before v26.2.0
Summary When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. Impact A malicious actor could perform a man-in-the-middle attack and intercept the...
EUVD-2026-41664
A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tuigateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to...
[SECURITY] Fedora 43 Update: podman-tui-1.11.2-1.fc43
podman-tui is a terminal user interface for Podman. podman-tui is using podman.socket service to communicate with podman environm ent and SSH to connect to remote podman machines...
[SECURITY] Fedora 44 Update: podman-tui-1.11.2-1.fc44
podman-tui is a terminal user interface for Podman. podman-tui is using podman.socket service to communicate with podman environm ent and SSH to connect to remote podman machines...
Fedora 43 : podman-tui (2026-ac94948c8a)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ac94948c8a advisory. release 1.11.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
Fedora 44 : podman-tui (2026-c55ec73fe2)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c55ec73fe2 advisory. release 1.11.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
DeepSeek TUI has SSRF IPV6 bypass
Summary Although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in URL as http://::1, the SSRF defenses do not work. Details...
Server-side Request Forgery (SSRF)
Overview deepseek-tui is an Install and run deepseek and deepseek-tui binaries from GitHub release artifacts. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchurl process. An attacker can gain unauthorized access to internal resources by supplying ...
Arbitrary Code Injection
Overview deepseek-tui is an Install and run deepseek and deepseek-tui binaries from GitHub release artifacts. Affected versions of this package are vulnerable to Arbitrary Code Injection via the runtests process. An attacker can execute arbitrary code by introducing malicious test code into a...
NPM: DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval
NPM: DeepSeek TUI: runtests Tool Enables RCE via Malicious Repository Without Approval vulnerability discovered by ? in WordPress Npm deepseek-tui versions = 0.3.0, 0.8.23...
Server-side Request Forgery (SSRF)
Overview deepseek-tui is an Install and run deepseek and deepseek-tui binaries from GitHub release artifacts. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchurl process. An attacker can access sensitive internal resources by supplying a URL that...
NPM: DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetch_url Tool
NPM: DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetchurl Tool vulnerability discovered by ? in WordPress Npm deepseek-tui versions 0.8.22...
Malicious code in tui-ascii-art (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4358458e150317ab394c6dd2d0137a8c395a32bae309cc1bfd829f123dab1393 These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious...
org.webjars.npm:github-com-nhn-tui-image-editor (=3.10.1), org.webjars.npm:tui-image-editor (=3.15.3) potentially affected by CVE-2026-27013 via org.webjars.npm:fabric (>=3.6.0 <=4.5.0)
org.webjars.npm:fabric MAVEN version =3.6.0, =4.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:fabric and may be impacted: - org.webjars.npm:github-com-nhn-tui-image-editor =3.10.1 - org.webjars.npm:tui-image-editor =3.15.3 Source...
Aether Smart Contract Security Analysis Framework 4.7.1
Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...
How to Configure HTTP Proxy for Linux-based Veeam Components
Purpose This article documents how to configure HTTP and HTTPS Proxy settings for Linux-based components, including the Veeam Software Appliance and JeOS-deployed Veeam Infrastructure Appliances, in environments that require a proxy to access the internet. Note: For proxy configuration settings f...
EUVD-2025-137317
Malicious code in reion-tui-pix npm...
EUVD-2025-135675
Malicious code in teriu-tui-pix npm...