4415 matches found
Emerson Dixell XWEB-500 - Arbitrary File Write
Emerson Dixell XWEB-500 contains an arbitrary file write caused by unauthenticated access to /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi, letting attackers write any file on the system, exploit requires no authentication. id: CVE-2021-45420 info: name: Emerson...
Malicious code in ethereum-lib-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58bddf420dcb894a940b62fba777628f0c3a9d31dd7fa915afaea618c1914d52 Package [email protected] impersonates the widely-used ethereumjs-util library: the package name, README badge, repository, homepage, and auth...
Malicious code in solana-key-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68b4680547530fce361014fe8c228734a8ec33bc8c834f46285e371e8f6b9f92 On require, index.js waits 37 seconds, reads test/fixtures/keypairs.dat a 53KB base64 blob disguised as a test fixture, no test harness references it...
MAL-2026-10591 Malicious code in solana-key-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68b4680547530fce361014fe8c228734a8ec33bc8c834f46285e371e8f6b9f92 On require, index.js waits 37 seconds, reads test/fixtures/keypairs.dat a 53KB base64 blob disguised as a test fixture, no test harness references it...
MAL-2026-10558 Malicious code in akshajrawat.utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 105157af41712b64f8b36ec1cb01e28958e4ad828a0c08d0979a1f6e22d1f13d The package's package.json declares a postinstall lifecycle hook that runs automatically on npm install: node -e...
MAL-2026-10540 Malicious code in postcss-processor-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0253c4f750443ba47f0ab61347fa85a1659b847190a85757575e904966636da On require, src/index.js loads src/token-loader.js, which reads data/design-tokens.json, XOR-decodes the base64 blobs under encrypted.chunks using a...
Malicious code in postcss-processor-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0253c4f750443ba47f0ab61347fa85a1659b847190a85757575e904966636da On require, src/index.js loads src/token-loader.js, which reads data/design-tokens.json, XOR-decodes the base64 blobs under encrypted.chunks using a...
Malicious code in eth-lib-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13895e2e8ee4aa9683c2fd6f0f873a38b19bbc5af207233e22c51668bc7dba41 Package [email protected] impersonates @ethereumjs/util / ethereumjs-util README, author list, repository URL, and source tree copied from the...
MAL-2026-10499 Malicious code in eth-lib-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13895e2e8ee4aa9683c2fd6f0f873a38b19bbc5af207233e22c51668bc7dba41 Package [email protected] impersonates @ethereumjs/util / ethereumjs-util README, author list, repository URL, and source tree copied from the...
maven:3.9 security update
An update is available for module.maven, apache-commons-io, slf4j, apache-commons-codec, jsr-305, plexus-containers, guava, httpcomponents-client, module.sisu, module.plexus-classworlds, plexus-interpolation, aopalliance, module.httpcomponents-core, module.apache-commons-io, atinject, google-guic...
Important: Red Hat Security Advisory: plexus-utils security update
An update for plexus-utils is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
RHSA-2026:38514 Red Hat Security Advisory: plexus-utils security update
Bulletin has no description...
Important: Red Hat Security Advisory: plexus-utils security update
An update for plexus-utils is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Important: maven:3.9 security update
Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fixes: org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Travers...
CVE-2026-15326
A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...
CVE-2026-15326 halo-dev halo Theme Installation ThemeUtils.java ThemeUtils.unzipThemeTo path traversal
A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...
CVE-2026-15326 halo-dev halo Theme Installation ThemeUtils.java ThemeUtils.unzipThemeTo path traversal
A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...
cxf: org.apache.cxf/cxf-core: Apache CXF: Information disclosure via out-of-band external entity resolution due to missing JAXP hardening
A flaw was found in Apache CXF. The EndpointReferenceUtils and W3CMultiSchemaFactory classes within Apache CXF construct a SAXParserFactory without proper security configurations. This oversight enables out-of-band OOB external entity resolution, a type of XML External Entity XXE vulnerability. A...
EUVD-2026-42234
A flaw has been found in christopherthielen check-peer-dependencies up to 4.3.4. Affected by this vulnerability is the function shelljs.exec of the file dist/packageUtils.js of the component peerDependencies. This manipulation causes os command injection. The attack may be initiated remotely. The...
CVE-2026-15033 christopherthielen check-peer-dependencies peerDependencies packageUtils.js shelljs.exec os command injection
A flaw has been found in christopherthielen check-peer-dependencies up to 4.3.4. Affected by this vulnerability is the function shelljs.exec of the file dist/packageUtils.js of the component peerDependencies. This manipulation causes os command injection. The attack may be initiated remotely. The...