16 matches found
EUVD-2020-2991
Malware in sbrugna...
EUVD-2024-54642
Malicious code in bioql PyPI...
MAL-2025-41266 Malicious code in google-library (npm)
Source: ghsa-malware 9a306188997a3decdf3eb0566e9ec1b3f81c5b1e0b4269eff69342744a9bad64 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-41265 Malicious code in @google_cloud/common (npm)
Source: ghsa-malware 77d1d3e3759d05fa05f2d625c645f9ccca58c49fbedc0eb52e1ae34ca2a4d0c0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-52561
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 build 55740. When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change...
CVE-2024-54189
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 build 55740. When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary fil...
Parallels Desktop Security Vulnerability
Parallels Desktop is a suite of virtual machine software for the macOS platform from US-based Parallels, Inc. A security vulnerability exists in Parallels Desktop for Mac version 20.1.1, which stems from a symbolic linking issue in the Snapshot feature that could lead to elevated privileges...
Parallels Desktop Security Vulnerability
Parallels Desktop is a suite of virtual machine software for the macOS platform from US-based Parallels, Inc. A security vulnerability exists in Parallels Desktop for Mac version 20.1.1, which stems from a hard-link issue in the Virtual Machine Archive Recovery feature that could lead to elevated...
Malicious code in config-conventional (npm)
Source: ossf-package-analysis 9db287fbaa3f09a3e8e30d18616b161cbc82f46c0867a4f8638067c82846d154 The OpenSSF Package Analysis project identified 'config-conventional' @ 20.1.1 npm as malicious. It is considered malicious because: - The packa...
PT-2023-28137 · Adobe · Magento-Lts
Name of the Vulnerable Software and Affected Versions: Magento LTS versions prior to 19.5.1 Magento LTS versions prior to 20.1.1 Description: The issue concerns the "guest-view" cookie in Magento LTS, which contains a 6 hexadecimal character protect code. This code is not sufficient to prevent...
Malicious code in plain-function (npm)
Source: ossf-package-analysis 2e38d4006afc6d5a3ce531ced341af81b57134a68230e68e52122825f587260e The OpenSSF Package Analysis project identified 'plain-function' @ 20.1.1 npm as malicious. It is considered malicious because: - The package...
CVE-2020-10538
An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes. Additionally, since no salt is used, rainbow tables can speed up the attack...
Epikur Security Breach
Epikur is a healthcare mobile application from German company Epikur that provides users with psychotherapy, patient management, and other functions. A security vulnerability exists in Epikur before 20.1.1, which stems from a function that checks a submitted password against an MD5 hash of the...
Epikur Encryption Issues Vulnerabilities
Epikur is a healthcare mobile application from German company Epikur that provides users with psychotherapy, patient management, and other features. A security vulnerability exists in Epikur before 20.1.1 that stems from storing user passwords as MD5 hashes in the database...
Design/Logic Flaw
Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5871 and...
CVE-2013-5871
Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5868 and...