10 matches found
CVE-2025-13828
SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked. ImpactA low-privileged user of the platform can install malicious code to obtain higher privileges...
Malicious code in transform-webdriver-mocha-webdriver-mocha-telesto (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52e5abf93e13670c0204d1213efaf2185a6c74e9b7579971752240918009cebe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-86540
Malicious code in dewi-soto46-miaww npm...
EUVD-2025-14756
Malicious code in bioql PyPI...
CVE-2025-31484
conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...
PT-2024-9247 · Solana · @Solana/Web3.Js
Name of the Vulnerable Software and Affected Versions: @solana/web3.js versions 1.95.6 through 1.95.7 Description: A publish-access account was compromised for @solana/web3.js, a JavaScript library commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious...
CVE-2021-3840
A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index PyPi. MITRE classifies this weakness as...
CVE-2021-3840
A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index PyPi. MITRE classifies this weakness as...
Deepin Linux 15 - lastore-daemon Local Privilege Escalation
Deepin Linux 15 - lastore-daemon Local Privilege Escalation !/bin/bash Deepin Linux 15.5 lastore-daemon D-Bus Local Root Exploit The lastore-daemon D-Bus configuration on Deepin Linux 15.5 permits any user in the sudo group to install arbitrary packages without providing a password, resulting in...
RHEL 6 : Red Hat Network Satellite spacewalk-backend (RHSA-2012:0436)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:0436 advisory. Red Hat Network RHN Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote...