45 matches found
mahoraga (>=0.5.1 <=0.6.0), pixi-browse (>=0.0.1 <=0.0.13) +2 more potentially affected by CVE-2026-47425 via py-rattler (>=0.22.0 <=0.23.2)
py-rattler PYPI version =0.22.0, =0.5.1, =0.0.1, =0.1.0, =0.8.0 Source cves: CVE-2026-47425 Source advisory: OSV:GHSA-Q53Q-5R4J-5729...
Malicious Package
Overview wt-fe-buz-utilities-url is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious Package
Overview wt-fe-buz-business-stoplimit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
CVE-2026-21434
This CVE affects webtransport-go (versions 0.3.0 to 0.9.0). A WT_CLOSE_SESSION capsule with an oversized Application Error Message can be fully read and stored in memory due to lack of the draft-mandated 1024-byte limit, enabling memory exhaustion. The issue is fixed in version 0.10.0. Affected i...
GHSA-PX4R-G4P3-HHQV webtransport-go: CloseWithError can block indefinitely
Summary An attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream, blocking transmission of the WTCLOSESESSION capsule and causing the close operati...
Malicious Package
Overview wt-react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in wt-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e2d85a0a81bf32d87da2b57522113cf28e122344c75d7055ea5d5116d63f61e4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48402 Malicious code in wt-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e2d85a0a81bf32d87da2b57522113cf28e122344c75d7055ea5d5116d63f61e4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2010-1302
Malware in sbrugna...
EUVD-2010-1303
Malware in sbrugna...
EUVD-2008-2521
Malware in sbrugna...
Malicious code in react-wt-jquery-and-css (npm)
The package react-wt-jquery-and-css was found to contain malicious code...
MAL-2025-31865 Malicious code in react-wt-jquery-and-css (npm)
The package react-wt-jquery-and-css was found to contain malicious code...
The vulnerability of the sub_456DE8() function in the jhttpd web server of the D-Link DI-500WF-WT router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the sub456DE8 function in the jhttpd web server of the D-Link DI-500WF-WT router microprogramming system is related to the lack of data cleaning measures at the control level when processing the cmd parameter. Exploiting this vulnerability allows an attacker to execute...
CVE-2025-5492
A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub456DE8 of the file /mspinfo.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack...
CVE-2025-5492
A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub456DE8 of the file /mspinfo.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack...
CVE-2025-5492
Summary: CVE-2025-5492 affects D-Link DI-500WF-WT up to 20250511. The flaw is in /usr/sbin/jhttpd, within the function sub_456DE8 of /msp_info.htm?flag=cmd, where manipulating the cmd parameter enables remote command injection. Several sources confirm the impact and vulnerable endpoint; exploitat...
CVE-2025-5492 D-Link DI-500WF-WT /usr/sbin/jhttpd msp_info.htm sub_456DE8 command injection
A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub456DE8 of the file /mspinfo.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack...
CVE-2025-5492 D-Link DI-500WF-WT /usr/sbin/jhttpd msp_info.htm sub_456DE8 command injection
A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub456DE8 of the file /mspinfo.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack...
CVE-2010-1273
Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of 1 form values and 2 JSignal arguments, which has unspecified impact and remote attack vectors...