1978 matches found
Malicious code in sy-editor-v3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cbd7c2056a09f76b9e73fbd0dae4370df9df455077146ae85b6b985b0394d4f The package sy-editor-v3 was found to contain malicious code. Source: ossf-package-analysis...
Malicious Package
Overview koa-v3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
EUVD-2026-21009
OpenPLCV3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API...
CVE-2026-35063 Missing Authorization in OpenPLC_V3
OpenPLCV3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access...
CVE-2026-35063
OpenPLCV3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access...
CVE-2026-4429 OSM <= 6.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marker_name' Shortcode Attribute
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markername' and 'filecolorlist' shortcode attribute of the osmmapv3 shortcode in all versions up to and including 6.1.15. This is due to insufficient input sanitization and output escaping. This mak...
TencentOS Server 3: nfs-utils (TSSA-2026:0202)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0202 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
GHSA-8689-GM9G-JGR6 OpenClaw: Voice-call Plivo V3 webhook replay key uses unsorted URL, allowing replay via query-parameter reordering
Summary Plivo V3 signature verification canonicalized query ordering, but replay detection hashed the raw verification URL. Reordering query parameters preserved a valid signature while producing a fresh replay-cache key. Impact An attacker who captured one valid signed Plivo V3 webhook could...
SUSE CVE-2026-33987
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistentcachereadentryv3 in libfreerdp/cache/persistent.c, persistent-bmpSize is updated before winpralignedrecalloc. If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This...
CLSA-2026-1774874764 squid: Fix of 3 CVEs
CVE-2026-33526: fix heap use-after-free due to double rfc1738escape in ICP error handling - CVE-2026-33515: fix validation of ICP packet sizes and URLs to prevent out-of-bounds reads - CVE-2026-32748: fix HttpRequest use-after-free in ICP v3 query handling...
CVE-2026-4346
The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...
EUVD-2026-16452
The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...
@algolia/coquille (>=0.0.2 <=0.0.13), @candlelabs/sdk (>=1.0.1 <=1.0.2) +20 more potentially affected by CVE-2026-33750 via brace-expansion (>=1.1.0 <=1.1.11)
brace-expansion NPM version =1.1.0, =0.0.2, =1.0.1, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =1.1.1, =1.0.3-dev.20180316T104657Z.4a84a30, =1.1.0 and more Source cves: CVE-2026-33750 Source advisory: SNYK:JS-BRACEEXPANSION-15789759...
Malicious code in @validates-sdk/v3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14f6dc99183ad11d3293d19966af14cd33cf7ed4ad00f3de9d6f07e5842a9234 The package @validates-sdk/v3 was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1588 Malicious code in @bingads-webui-help/apex.core.v3.min (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87351101634ee5726eaa0ee76ecaec8529226c993a610ea5a2d1b7521778bd5a The package @bingads-webui-help/apex.core.v3.min was found to contain malicious code...
Malicious code in test6789.v3 (NuGet)
--- -= Per source details. Do not edit below this line.=-...
CVE-2019-25512
CVE-2019-25512 affects Jettweb PHP Hazir Haber Sitesi Scripti V3. The vulnerability is an SQL injection exploitable through the kelime parameter in POST requests, allowing UNION-based payloads to extract or modify database contents. The reports indicate a NETWORK attack vector with LOW complexity...
ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
SUMMARY ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves publicly reported vulnerability. An attacker who successfully exploited these vulnerabilities could cause a crash, denial-of-service DoS, or potentially...
Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞
Jettweb PHP Ready-made News Sites Script is a content management system developed by the Turkish company Jettweb. The Jettweb PHP Ready-made News Sites Script V3 version has a SQL injection vulnerability. This vulnerability stems from the kelime parameter, which allows for SQL injections. It coul...
Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞
Jettweb PHP Ready-made News Sites Script is a content management system provided by the Turkish company Jettweb. The Jettweb PHP Ready-made News Sites Script V3 version has a SQL injection vulnerability. This vulnerability stems from an authentication bypass in the login.php administration panel,...