44 matches found
MAL-2026-4769 Malicious code in soundsource (PyPI)
Source: amazon-inspector e3285c5fec24c01c9c463e85c199934f5a08da7e94277583430a6e3feb274add The package's source distribution contains Token.txt at the tarball root holding a live PyPI API token prefix pypi-AgEIcHlwaS5vcmc.... Anyone who...
CVE-2026-35487 text-generation-webui has a Path Traversal in load_prompt() — .txt file read without authentication
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_prompt() allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability...
CVE-2026-35487
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_prompt() allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability...
CVE-2025-14476 Doubly <= 1.0.46 - Authenticated (Subscriber+) PHP Object Injection via ZIP File Import
The Doubly – Cross Domain Copy Paste for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.46 via deserialization of untrusted input from the content.txt file within uploaded ZIP archives. This makes it possible for authenticated...
EUVD-2020-6197
Malware in sbrugna...
CVE-2025-4370
The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on processexternalasseturls function as well as missing path validation in storefile function in all versions up to, and including, 2.6.20. This makes it possible for unauthenticated...
CVE-2020-14031
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the...
CVE-2020-21481
An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file...
CVE-2024-42758
A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki Open Source Wiki Engine. A malicious attacker can input XSS payloads, for example when creating or editing an existing page, to trigger the XSS on Dokuwiki, which is the...
Exploit for CVE-2024-1208
RGCMS code issue vulnerability
RGCMS is a web CMS. v1.06 of RGCMS contains a security vulnerability that can be exploited by attackers to execute arbitrary code via a crafted .txt file, which will later be changed to a PHP file...
The vulnerability of the ReadTXTImage() function in the ImageMagick console graphics editor’s coders/txt.c component allows a malicious actor to cause a service failure due to a numerical overflow of the value being read.
The vulnerability of the ReadTXTImage function in the ImageMagick console graphics editor’s coders/txt.c component is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker to cause a service failure by invoking the TXT file, which requires a very large value ...
Design/Logic Flaw
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the...
CVE-2020-14031
Ozeki NG SMS Gateway (versions up to 4.17.6) contains an arbitrary file deletion vulnerability in the TXT File module’s Outbox feature. An attacker can delete all/most files in a folder, with the product typically running under NT AUTHORITY\SYSTEM, meaning only running/security attribute-protecte...
FreeCommander XE 2020 Pathname Buffer Overflow Exploit
#!/usr/bin/python Exploit Title: FreeCommander XE 2020 - Pathname Buffer Overflow SEH Version: Build 810a 32-bit Software Link: https://freecommander.com/downloads/FreeCommanderXE-32-publicsetup.zip Exploit Author: Hodorsec Vendor Homepage:...
Directory traversal
An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfuincludelib call...
CVE-2019-9116
DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublimetext.exe to open a .txt file within an attacker's...
CVE-2018-20604
Lei Feng TV CMS aka LFCMS 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........1.txt.html URI to read the 1.txt file...
10-Strike Bandwidth Monitor 3.7 Local Buffer Overflow
Title: 10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow SEH Date: 2018-07-24 Exploit Author: absolomb Vendor Homepage: https://www.10-strike.com/products.shtml Software Link: https://www.10-strike.com/bandwidth-monitor/download.shtml Run script, open up generated txt file and copy to...