148272 matches found
UBUNTU-CVE-2026-12391
An insecure symlink following vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools within the pro collect-logs command framework. The utility creates or utilizes predictable temporary file paths or user-accessible log directories when gathering diagnostic informatio...
UBUNTU-CVE-2026-11386
An input validation and injection vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools. The client constructs APT source files such as /etc/apt/sources.list.d/ubuntu-.list or their DEB822 equivalents using data received directly from the contract server response via...
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 6, 2026 to July 12, 2026)
Last week, there were 267 vulnerabilities disclosed in 222 WordPress Plugins and 6 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 136 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...
CVE-2026-55629
Whistle is an HTTP, HTTP2, HTTPS, and WebSocket debugging proxy. Prior to 2.10.3, lib/service/service.js handles GET /cgi-bin/temp/get by reading req.query.filename, joining it to TEMPFILESPATH only when it matches the temporary file pattern, and otherwise passing the user-supplied filename...
ArcadeDB: Privilege escalation via reader role in /api/v1/command JS scripting language — arbitrary host file read
Impact A user holding only reader read-only privileges on a single database could execute arbitrary JVM code by sending a "language": "js" command to the POST /api/v1/command/database HTTP endpoint, and use it to read arbitrary files on the host filesystem e.g. /etc/passwd, configuration files,...
ArcadeDB: IMPORT DATABASE allows SSRF and arbitrary local file read by authenticated users
Impact The SQL IMPORT DATABASE statement did not require administrative privileges and passed its source URL to the importer without validation. Any authenticated user with SQL command access not only root/administrators could therefore: - Server-Side Request Forgery CWE-918: cause the server to...
Exploit for CVE-2024-25600
BricksRCE Exploiter CVE-2024-25600 — WordPress Bricks Bui...
Nuclio: Unauthenticated path traversal in spec.handler allows arbitrary file write in Dashboard container
Summary Nuclio Dashboard exposes POST /api/functions without authentication by default NOP auth mode. The spec.handler field e.g., mymodule:myfunction is parsed by functionconfig.ParseHandler which splits on : only — no path validation is applied to the module portion. During function build,...
Nuclio: Unsanitized runtimeAttributes.repositories injected into Groovy build.gradle leads to build-time RCE
Summary Nuclio's Java runtime generates a build.gradle file during function builds using Go's text/template package. The template renders runtimeAttributes.repositories values with the . action, which performs no escaping. An attacker can embed a closing brace to break out of the repositories blo...
Envoy Gateway: Authentication Bypass via Improper Input Validation in EnvoyExtensionPolicy Lua Allows Secret Disclosure
Impact The toabsolutenormalizedpath function security.lua:28-43 does not collapse redundant path separators // → /. On Linux, //etc/passwd is equivalent to /etc/passwd POSIX path semantics, but iscriticalpath fails to match the double-slash variant because //etc/passwd does not start with /etc/...
CVE-2026-55629 Whistle: Path traversal
Whistle is an HTTP, HTTP2, HTTPS, and WebSocket debugging proxy. Prior to 2.10.3, lib/service/service.js handles GET /cgi-bin/temp/get by reading req.query.filename, joining it to TEMPFILESPATH only when it matches the temporary file pattern, and otherwise passing the user-supplied filename...
CVE-2026-55629
Whistle is an HTTP, HTTP2, HTTPS, and WebSocket debugging proxy. Prior to 2.10.3, lib/service/service.js handles GET /cgi-bin/temp/get by reading req.query.filename, joining it to TEMPFILESPATH only when it matches the temporary file pattern, and otherwise passing the user-supplied filename...
CVE-2026-55629
CVE-2026-55629 affects Whistle (HTTP/HTTP2/HTTPS/WebSocket proxy). Before 2.10.3, the code path in lib/service/service.js for GET /cgi-bin/temp/get uses req.query.filename and joins it to TEMP_FILES_PATH only if it matches the temp-file pattern; otherwise it passes the user-supplied filename to g...
EUVD-2026-45030
Whistle is an HTTP, HTTP2, HTTPS, and WebSocket debugging proxy. Prior to 2.10.3, lib/service/service.js handles GET /cgi-bin/temp/get by reading req.query.filename, joining it to TEMPFILESPATH only when it matches the temporary file pattern, and otherwise passing the user-supplied filename...
Malicious code in nordpass (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9df6f21fababcd99ba522d380a0729d35aa4ff44ee2f6612fe75b906da844aee Package name impersonates the NordPass password-manager product while presenting itself as 'A simple authentication module.' The package.json...
Malicious code in infrastructure-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d64169ae87d8d9eaad199be028a70610f025f61e0c947838c05c24a1dd4d5578 package.json declares a preinstall lifecycle script that runs node -e to issue an HTTP GET to a Burp Collaborator subdomain at...
Malicious code in myreviews-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c41d5d4352e265f0efbc0089a19c5773ceeb76c0265831eeeeca19151fe4f64 package.json declares a postinstall lifecycle hook that runs node -e to issue an HTTPS GET to a hardcoded webhook.site collector URL, appending the...
Malicious code in date-utils-light (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99bd644fd9a59518d6f77e8d76c077ffef8a2afdc7ae2b00a6ca87299879a671 Package presents itself as a trivial date-formatting utility index.js exports a one-line ISO date helper but ships a postinstall.js that runs...
Malicious code in @hibachi-xyz/sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54956c91d0cedbe9097a2a8f7fa864382bd3b5a91ba7ccbe4a0219081be711f9 index.js the package main executes at require-time and performs credential and host exfiltration. It iterates process.env and filters keys matching a...
Malicious code in @across-toolkit/typescript-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5580d26d1829c9faf6465962431399aee9804c8ed1264274b30b9ce42f274bd9 Package impersonates the across-protocol organization published as @across-toolkit/[email protected], a high-version dependency-confusion shap...