Malicious code in paypal-sdk-spec (npm)
Source: ghsa-malware (641111da134e219b032f3fdca4837630c098df34fc322c1d5f6bd41310c85974) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in frontend-framework-paypal (npm)
Source: ghsa-malware (3249f5205a1b92d8e4fa170c1209732d6d43bcf2a5b6681aa3176e38a4c358cf) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in paypal-components (npm)
Source: ghsa-malware (8c567ab6669d4641b8be74f34c75ca064781ccced7753e64dfa6e3c6212fcfb6) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in paypal-express (npm)
Source: ghsa-malware (a2dbdf2f5ad866355a0a2188cfabf78be811027c4b9fd82b16212cfb3136e3bd) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in alipay-js-jdk (npm)
Source: ghsa-malware (3849e1ac4748a634622dfc83aebe7a3e9d4e0b3c0967e062a5b573d96d30d5fd) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in paypal-adapter (npm)
Source: ghsa-malware (f52e534e2e7600406f1799a02a19f324ecf2af590d237af66cd669413c28af5e) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in vxpattern-lib-paypal (npm)
Source: ghsa-malware (e1389b0ec7c0190e59b05c9c0bcab3dcaad7fbf57a1f3228819e0ed647724850) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in paypal-ui (npm)
Source: ghsa-malware (bd97a9d3e6b3e04b36b277193e7886377a2ab022ec1ea936f004cf28b20cc621) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
The Seamless Donations WordPress plugin before 5.1.9 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF...
6.5CVSS
6.3AI Score
0.001EPSS
7.3AI Score
YouDianCMS SQL Injection Vulnerability (CNVD-2022-59019)
A SQL injection vulnerability exists in YouDianCMS v9.5.0, which originates from a missing validation of external input SQL statements in the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive...
9.8CVSS
4.9AI Score
0.002EPSS
YoudianCMS SQL Injection Vulnerability (CNVD-2022-59020)
YouDianCMS is a web CMS. SQL injection vulnerability exists in YoudianCMS v9.5.0, which originates from a missing validation of external input SQL statements in the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php. An attacker could use this vulnerability to execute illegal SQL...
8.8CVSS
4.6AI Score
0.001EPSS
YoudianCMS SQL Injection Vulnerability (CNVD-2022-59021)
YouDianCMS is a web CMS. SQL injection vulnerability exists in YoudianCMS v9.5.0, which originates from a missing validation of external input SQL statements in the id parameter at /App/Lib/Action/Admin/SiteAction.class.php. An attacker could use this vulnerability to execute illegal SQL commands.....
8.8CVSS
4.6AI Score
0.001EPSS
WordPress Plugin Change Uploaded File Permissions Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed using the PHP language. The WordPress plugin Change Uploaded File Permissions 4.0.0 and earlier versions are vulnerable to cross-site request forgery, which stems from a lack of checks and can be exploited to change the file and folder...
6.5CVSS
2.5AI Score
0.001EPSS
7.7AI Score
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
Spring-Cloud-Gateway-CVE-2022-22947 Spring Cloud...
10CVSS
9.9AI Score
0.975EPSS
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
Spring-Cloud-Gateway-CVE-2022-22947 Spring Cloud...
10CVSS
9.9AI Score
0.975EPSS
Exploit for Expression Language Injection in Atlassian Confluence Data Center
CVE-2022-26134-Godzilla-MEMSHELL Usage: java -jar...
9.8CVSS
9.6AI Score
0.975EPSS
Heart OA 2022 early summer noon version has arbitrary file download vulnerability
HeartTone OA is an office software equipped with AI artificial intelligence. HeartTongda OA 2022 Early Summer Dragon Boat Edition has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive...
4.4AI Score
9.8CVSS
9.8AI Score
0.975EPSS
9.8CVSS
9.8AI Score
0.975EPSS
Exploit for Improper Initialization in Linux Linux Kernel
CVE-2022-0847 CVE-2022-0847 used to achieve container escape...
7.8CVSS
8AI Score
0.076EPSS
Exploit for Improper Initialization in Linux Linux Kernel
CVE-2022-0847 CVE-2022-0847 used to achieve container escape...
7.8CVSS
8AI Score
0.076EPSS
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
'Follina' MS-MSDT n-day Microsoft Office RCE (modified version) Based on...
7.8CVSS
8.7AI Score
0.966EPSS
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
CVE-2022-30190 Microsoft Office Word Rce reproduction (CVE-2022-30190)...
7.8CVSS
8.3AI Score
0.966EPSS
7.5CVSS
2.7AI Score
0.026EPSS
9.9AI Score
Exploit for Incorrect Authorization in Vmware Spring Security
CVE-2022-22978 Spring-Security bypass Demo In Spring...
9.8CVSS
0.7AI Score
0.009EPSS
Exploit for Path Traversal in F5 Big-Ip Access Policy Manager
F5-BIG-IP POC written in Go CVE-2020-5902 CVE-2021-22986...
7.3AI Score
Exploit for OS Command Injection in Zyxel Usg Flex 100W Firmware
CVE-2022-30525 Zyxel firewall command injection vulnerability CVE-2022-30525 POC&EXP ...
9.8CVSS
-0.5AI Score
0.975EPSS
The Rapid7 Sales Culture and Experience: An Inside Look From 2 VPs
Sales roles are all about people. That holds true not only when you're building relationships with prospects but also in your day-to-day experience on the team. Having the right culture and people around you can make or break your success, satisfaction, and long-term growth. If you're a job seeker....
-0.8AI Score
Open Automation Software OAS Platform File Write Vulnerability
Open Automation Software OAS Platform is an industrial Internet of Things (IoT) suite from Open Automation Software, Inc. Open Automation Software OAS Platform V16.00.0112 contains a file-writing vulnerability that can be exploited by attackers to cause remote code execution with specially crafted....
9.8CVSS
6.2AI Score
0.005EPSS
SiteServer CMS sql injection vulnerability
SiteServer CMS is a content management system (CMS) from Beijing Bailong Thousand Domain Software Technology Development Company. SQL injection vulnerability exists in SiteServer CMS V6.15.51. An attacker can exploit this vulnerability to perform sql...
8.8CVSS
2.5AI Score
0.001EPSS
Magento 2 Community Edition DoS vulnerability
A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magento merchant.....
7.5CVSS
6.9AI Score
0.001EPSS
Magento 2 Community Edition DoS vulnerability
A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magento merchant.....
7.5CVSS
6.9AI Score
0.001EPSS
paypal/adaptivepayments-sdk-php vulnerable to a reflected XSS
paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XSS in the SetPaymentOptions.php resulting code...
6.1CVSS
6.4AI Score
0.001EPSS
paypal/adaptivepayments-sdk-php vulnerable to a reflected XSS
paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XSS in the SetPaymentOptions.php resulting code...
6.1CVSS
6.4AI Score
0.001EPSS
New Unpatched Bug Could Let Attackers Steal Money from PayPal Users
A security researcher claims to have discovered an unpatched vulnerability in PayPal's money transfer service that could allow attackers to trick victims into unknowingly completing attacker-directed transactions with a single click. Clickjacking, also called UI redressing, refers to a technique...
0.4AI Score
9.8CVSS
9.7AI Score
0.006EPSS
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
1. Spring Cloud Gateway remote code execution vulnerability Severity: High POC/EXP status: Public...
10CVSS
10AI Score
0.975EPSS
Cardiologist moonlighted as successful ransomware developer
The US has charged a 55-year-old French-Venezuelan cardiologist from Venezuela with "attempted computer intrusions and conspiracy to commit computer intrusions". This was revealed in an unsealed complaint in a federal court in Brooklyn, New York. Moises Luis Zagala Gonzales worked as a ransomware.....
0.2AI Score
Malicious code in paypal-rest-sample (npm)
Source: ghsa-malware (4f5c6beb6bf6ebdd58d3baff1e4017eacb25c5cda9a802eb8dbb5e2d2abbd8b9) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
WordPress Administration Apertas plugin File Inclusion Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Amministrazione Apertas plugin versions prior to 3.8 have a file inclusion vulnerability that stems.....
6.5CVSS
1.8AI Score
0.002EPSS
U.S. Charges Venezuelan Doctor for Using and Selling Thanos Ransomware
The U.S. Justice Department on Monday accused a 55-year-old cardiologist from Venezuela of being the mastermind behind Thanos ransomware, charging him with the use and sale of the malicious tool and entering into profit sharing arrangements. Moises Luis Zagala Gonzalez, also known by the monikers.....
0.4AI Score
Simple Social Networking Site File Deletion Vulnerability
Simple Social Networking Site is a social networking site. Simple Social Networking Site has a security vulnerability that can be exploited by attackers to delete arbitrary...
4AI Score
Exploit for OS Command Injection in Zyxel Usg Flex 100W Firmware
CVE-2022-30525 Zyxel firewall unauthenticated remote command injection vulnerability Affected components USG FLEX...
9.8CVSS
0.3AI Score
0.975EPSS
paypal/permissions-sdk-php reflected Cross-site Scripting (XSS)
paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code...
5.4CVSS
6.4AI Score
0.001EPSS
paypal/permissions-sdk-php reflected Cross-site Scripting (XSS)
paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code...
5.4CVSS
6.3AI Score
0.001EPSS
paypal/invoice-sdk-php reflected XSS
paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code...
5.4CVSS
6.4AI Score
0.001EPSS
paypal/invoice-sdk-php reflected XSS
paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code...
5.4CVSS
6.3AI Score
0.001EPSS