
17 matches found

Snyk
added 2026/05/28 1:39 p.m. · 5 views

Malicious Package

Overview: @polka-ui/config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 2
OSV
added 2026/05/27 7:15 p.m. · 4 views

MAL-2026-4834 Malicious code in @polka-ui/config (npm)

Source: ghsa-malware 662c2a1b8ad5d264ec01b078f95c130c96398305ba009a2c2de33cc9d7db7486 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8 AI score
Exploits: 0 · References: 1
OSSF Malicious Packages
added 2026/05/27 7:15 p.m. · 11 views

Malicious code in @polka-ui/config (npm)

Source: ghsa-malware 662c2a1b8ad5d264ec01b078f95c130c96398305ba009a2c2de33cc9d7db7486 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8 AI score
Exploits: 0 · References: 1
RedhatCVE
added 2025/08/31 4:27 p.m. · 1 view

CVE-2025-55202

Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases...

6.9 CVSS · 6.8 AI score · 0.0012 EPSS
Exploits: 0 · References: 1
NVD
added 2025/08/29 4:15 p.m. · 2 views

CVE-2025-55202

Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases...

6.9 CVSS · 0.0012 EPSS
Exploits: 0 · References: 3
Vulnrichment
added 2025/08/29 3:35 p.m. · 1 view

CVE-2025-55202 Opencast has a partial path traversal vulnerability in UI config

Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases...

6.9 CVSS · 6.2 AI score · 0.0012 EPSS
Exploits: 0 · References: 3
Cvelist
added 2025/08/29 3:35 p.m. · 4 views

CVE-2025-55202 Opencast has a partial path traversal vulnerability in UI config

Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases...

6.9 CVSS · 0.0012 EPSS
Exploits: 0 · References: 3
Github Security Blog
added 2025/08/29 3:34 p.m. · 4 views

Opencast has a partial path traversal vulnerability in UI config

The protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases. The path is checked without checking for the file separator. This could allow attackers access to files within another folder which starts with the...

6.9 CVSS · 6.6 AI score · 0.0012 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
OSV
added 2025/08/29 3:34 p.m. · 2 views

GHSA-HQ8M-V68G-8CF8 Opencast has a partial path traversal vulnerability in UI config

The protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases. The path is checked without checking for the file separator. This could allow attackers access to files within another folder which starts with the...

6.9 CVSS · 6.6 AI score · 0.0012 EPSS
Exploits: 0 · References: 5
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 2 views

Malicious code in jasmine-stream-element-ui-config (npm)

The package jasmine-stream-element-ui-config was found to contain malicious code...

7 AI score
Exploits: 0
OSV
added 2025/08/14 6:52 p.m. · 1 view

MAL-2025-23645 Malicious code in jasmine-stream-element-ui-config (npm)

The package jasmine-stream-element-ui-config was found to contain malicious code...

7.2 AI score
Exploits: 0
RedHat Linux
added 2022/12/13 1:20 p.m. · 42 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus Platform 2.7.6.SP3 and security update

An update is now available for Red Hat build of Quarkus Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more...

9.8 CVSS · 7.1 AI score · 0.05991 EPSS
Exploits: 1 · References: 7
Veracode
added 2022/11/30 4:15 a.m. · 32 views

Remote Code Execution (RCE)

quarkus-vertx-http is vulnerable to remote code execution. The vulnerability exists in multiple functions due to drive-by localhost attacks, which allow an attacker to inject and execute malicious query parameters via the Dev UI Config Editor...

9.8 CVSS · 9.5 AI score · 0.029 EPSS
Exploits: 0 · References: 7 · Affected Software: 2
RedhatCVE
added 2022/11/22 8:26 a.m. · 30 views

CVE-2022-4116

A vulnerability was found in quarkus. This issue occurs in Dev UI Config Editor, which is vulnerable to drive-by localhost attacks leading to remote code execution...

7.5 CVSS · 4.6 AI score · 0.029 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2022/11/22 12:0 a.m. · 1 view

PT-2022-6100 · Quarkus · Quarkus

Name of the Vulnerable Software and Affected Versions: quarkus (affected versions not specified). Description: The issue is related to the Dev UI Config Editor component of the quarkus Java framework, which is vulnerable to remote code execution due to incorrect code generation management. This can...

9.8 CVSS · 8 AI score · 0.029 EPSS
Exploits: 0 · References: 20
OSV
added 2021/09/20 4:15 p.m. · 0 views

UBUNTU-CVE-2021-32271

An issue was discovered in gpac through 20200801. A stack-buffer-overflow exists in the function DumpRawUIConfig located in odfdump.c. It allows an attacker to cause code execution...

7.8 CVSS · 7.2 AI score · 0.00446 EPSS
Exploits: 1 · References: 3
CNNVD
added 2021/09/20 12:0 a.m. · 2 views

GPAC buffer error vulnerability

GPAC is a multimedia framework for rich media and is distributed under the LGPL license. A stack buffer overflow vulnerability exists in the DumpRawUIConfig function in odfdump.c in GPAC 20200801 and earlier versions. An attacker could exploit this vulnerability to execute code...

7.8 CVSS · 8 AI score · 0.00446 EPSS
Exploits: 1 · References: 1