MAL-2026-6734 Malicious code in horde-python-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ad72fe1fdc56e7fb5716a906fb8481bfe1e477d2f97c649d5db853a79130628a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MINI-FVFF-6HV7-V852
Bulletin has no description...
MINI-79FC-MM74-J2MC
Bulletin has no description...
MAL-2026-6733 Malicious code in epic-build-scripts (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 93043b3f00a64c66fb0680256387471b656f222556c282c9cb1680347f14fae8 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MINI-4FWW-23WV-8FXJ
Bulletin has no description...
MINI-CCCV-5H6C-7HWH
Bulletin has no description...
MAL-2026-6735 Malicious code in ue-python-tools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9494382fb3885f95987ec830f096aac6cde589cac9485b6a347bafed9a8a7e39 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MINI-P4HW-JH4M-3P7H
Bulletin has no description...
MINI-RH94-7XGJ-63MM
Bulletin has no description...
MINI-PP33-5XFH-WW86
Bulletin has no description...
MAL-2026-6736 Malicious code in unreal-mladapter (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b8b4f17043a9c57ea2087c59c771151186c117ab64cbf5c45df85df62469aa89 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MINI-J433-845C-GMRC
Bulletin has no description...
MINI-P7X3-2RQ3-MC2F
Bulletin has no description...
MINI-4XJG-3V99-H5W3
Bulletin has no description...
MINI-68QV-W2FR-FM5Q
Bulletin has no description...
MINI-PR2H-79CV-W3RV
Bulletin has no description...
MINI-7R9V-4H2C-WRPX
Bulletin has no description...
MINI-47RP-JF4X-F492
Bulletin has no description...
MINI-V73P-H978-G6JJ
Bulletin has no description...
MAL-2026-6730 Malicious code in ue-automation-scripts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 312f2d385743023503ed2c86bab1361eff17db32aa8a33d6d4da0015b3650095 The OpenSSF Package Analysis project identified 'ue-automation-scripts' @ 99999.0.0 npm as malicious. It is considered malicious because: - The...
GHSA-RH62-J648-G5QC Recce server has unauthenticated SQL execution that allows local file read/write through DuckDB
Impact: Recce OSS server deployments that expose the server to an untrusted network without authentication are vulnerable to unauthenticated SQL execution through the query run API. When Recce is configured with a DuckDB-backed project, an attacker can use DuckDB filesystem primitives to read and...
GHSA-6G2F-W7G3-77VF 9router has an Incomplete Fix: Local-Only Access Gate Bypass in 9router via Host Header Spoofing
Summary: The fix for CVE-2026-46339 (unauthenticated RCE via unprotected MCP plugin routes) introduced a local-only access gate in src/dashboardGuard.js that restricts spawn-capable routes /api/mcp/, /api/tunnel/, /api/cli-tools/ to loopback requests. The gate determines "local" by inspecting the Ho...
MAL-2026-6729 Malicious code in robomerge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 55684448bbccf72279c32f468fcfcb8a65500ffd2fe3807aec3e34bfc381a773 The OpenSSF Package Analysis project identified 'robomerge' @ 99999.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2026-6732 Malicious code in unreal-horde-dashboard (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5e9b87fe74bfc9ebca4a6385b3038cd8a3b5d9907b02772377ed3383318578e4 The OpenSSF Package Analysis project identified 'unreal-horde-dashboard' @ 99999.0.0 npm as malicious. It is considered malicious because: - The...
MAL-2026-6731 Malicious code in ue-jenkins-buildkite (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a67a3300cb2357e9661889459167d34c43be7925bd3d476d3a08588d9a907b59 The OpenSSF Package Analysis project identified 'ue-jenkins-buildkite' @ 99999.0.0 npm as malicious. It is considered malicious because: - The...
MINI-JPWX-7JFQ-JF93
Bulletin has no description...
MINI-JX56-89R8-P2QR
Bulletin has no description...
MINI-36F7-4FFC-R82M
Bulletin has no description...
MINI-RH6V-H489-VVFQ
Bulletin has no description...
MINI-C555-574P-GRPJ
Bulletin has no description...
MINI-CF9Q-GF52-HWXM
Bulletin has no description...
MINI-9FMX-GX68-M882
Bulletin has no description...
MINI-2CMC-9QJV-Q9P5
Bulletin has no description...
MINI-HJ6F-9GJR-W3HM
Bulletin has no description...
MINI-XHFR-888Q-VG8R
Bulletin has no description...
MINI-WM7W-7XP2-HPXG
Bulletin has no description...
MINI-G44R-RPW2-34QP
Bulletin has no description...
MINI-W766-7QPM-PHPW
Bulletin has no description...
MINI-8RWV-6WPC-RX4X
Bulletin has no description...
GHSA-Q675-QJ96-32M9 golang.org/x/image/tiff has excessive resource consumption in PackBits decompression
The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously crafted image can exploit this to cause a small image (both in terms of pixel width/height and encoded size) to make the decoder decode large amounts of compressed data...
MINI-6VF8-9MM7-JR7Q
Bulletin has no description...
GHSA-JPHH-M39H-6GWX 9router's Hardcoded Default fallback JWT Secret Allows Authentication Bypass
Summary: 9router uses the publicly known hardcoded string "9router-default-secret-change-me" as the fallback JWT secret for all Dashboard session JWTs when the JWTSECRET environment variable is not set. Because this secret is committed in the public repository and unchanged across all releases, a...
MINI-535H-Q3GG-H2RJ
Bulletin has no description...
MINI-PJHF-2R46-9PG2
Bulletin has no description...
MINI-5R68-RQXC-6W4Q
Bulletin has no description...
MINI-3M7J-VP37-HXXV
Bulletin has no description...
GHSA-V8RP-6XCV-FWGH Kiwi TCMS's /init-db/ page renders and responds to requests after first use
Kiwi TCMS provides the /init-db/ page as part of its setup mechanism for administrators who prefer a browser instead of the command line. In previous versions of Kiwi TCMS this page still renders and responds to requests even after first use. Impact: The /init-db/ page does not require any user...
MINI-XV7V-53MJ-2X37
Bulletin has no description...
MINI-5FWW-9272-4C99
Bulletin has no description...
MINI-858Q-FF8H-V893
Bulletin has no description...