32 matches found
Malicious Package
Overview material-ui-plugin-cache-endpoint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
CVE-2026-25705
A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: Overwrite Rancher binaries or configuration to inject...
CVE-2026-25705
A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: Overwrite Rancher binaries or configuration to inject...
CVE-2026-25705
A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: Overwrite Rancher binaries or configuration to inject...
CVE-2026-25705
CVE-2026-25705 describes a path-traversal vulnerability in Rancher Extensions where the compressedEndpoint field in a UIPlugin deployment can be abused to overwrite Rancher binaries/configs, tamper with cluster state in /var/lib/rancher/, and, if hostPath volumes are mounted, write to the host no...
Directory Traversal
Overview github.com/rancher/rancher/pkg/nodeconfig is a complete container management platform Affected versions of this package are vulnerable to Directory Traversal via the compressedEndpoint field in a UIPlugin deployment. An attacker can overwrite binaries or configuration files, tamper with...
Rancher Extensions have arbitrary file access via path traversal
Impact A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: - Overwrite Rancher binaries or configuration to...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the compressedEndpoint field in a UIPlugin deployment. An attacker can overwrite binaries or configuration files, tamper with cluster state, or write to the host node filesystem by exploiting path traversal in th...
GHSA-5V3H-X4WF-5C35 Rancher Extensions have arbitrary file access via path traversal
Impact A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: - Overwrite Rancher binaries or configuration to...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the compressedEndpoint field in a UIPlugin deployment. An attacker can overwrite binaries or configuration files, tamper with cluster state, or write to the host node filesystem by exploiting path traversal in th...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the compressedEndpoint field in a UIPlugin deployment. An attacker can overwrite binaries or configuration files, tamper with cluster state, or write to the host node filesystem by exploiting path traversal in th...
Malicious code in material-ui-plugin-cache-endpoint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45efd49ad74d002b46224881218cf53c763e58c0b71ed3d3ff3a79d1021f3a64 The package material-ui-plugin-cache-endpoint was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2926 Malicious code in material-ui-plugin-cache-endpoint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45efd49ad74d002b46224881218cf53c763e58c0b71ed3d3ff3a79d1021f3a64 The package material-ui-plugin-cache-endpoint was found to contain malicious code. Source: ghsa-malware...
WordPress Custom Post Type UI plugin <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification vulnerability
Missing Authorization to Unauthenticated Previously Administrator+ Custom Post Type Modification vulnerability discovered by mahdi salhi CaptinSharky01 - CaptinSharku in WordPress Plugin Custom Post Type UI versions = 1.18.0...
EUVD-2025-115495
Malicious code in chakra-ui-eslint-plugin-dependencies-geckodriver npm...
MAL-2025-141987 Malicious code in element-ui-winston-html-webpack-plugin-npm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 533d17b064934bf10be2328e4f60324b7af8f0958bb35f3d23e89346174c51ff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-114123
Malicious code in element-ui-winston-html-webpack-plugin-npm npm...
Malicious code in chakra-ui-eslint-plugin-dependencies-geckodriver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4e7a73390160c376cfb3e4a5257b5aac4adef6048328297cde111fdbe358c8d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.7.0 release
Red Hat OpenShift distributed tracing platform Tempo 3.7.0 has been released This release of the Red Hat OpenShift distributed tracing platform Tempo provides new features, security improvements, and bug fixes. Breaking changes: Nothing Deprecations: Nothing Technology Preview features: Nothing...
MAL-2025-27414 Malicious code in nexus-ui-plugin (npm)
The package nexus-ui-plugin was found to contain malicious code...