27 matches found
EUVD-2022-1593
Malicious code in bioql PyPI...
CVE-2023-24433
Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary: There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information CVE-2024-28849,...
CVE-2021-24433
| creationtimestamp | type | source |
|---|---|---|
| 2024-01-24 01:16:27+00:00 | seen | https://t.me/ctinow/172441 |
| 2024-02-06 13:46:57+00:00 | seen | https://t.me/ctinow/179981... |
CVE-2021-24433
The simple sort&search WordPress plugin through 0.0.3 does not make sure that the indexurl parameter of the shortcodes "categorysims", "ordersims", "orderbysims", "periodsims", and "tagsims" use allowed URL protocols, which can lead to stored cross-site scripting by users with a role as low as...
CVE-2021-24433
CVE-2021-24433 affects the WordPress plugin simple sort&search (versions
CVE-2021-24433 Simple Sort&Search <= 0.0.3 - Contributor+ Stored XSS
The simple sort&search WordPress plugin through 0.0.3 does not make sure that the indexurl parameter of the shortcodes "categorysims", "ordersims", "orderbysims", "periodsims", and "tagsims" use allowed URL protocols, which can lead to stored cross-site scripting by users with a role as low as...
CVE-2023-24433
| creationtimestamp | type | source |
|---|---|---|
| 2023-01-27 00:39:09+00:00 | seen | https://t.me/cibsecurity/56970 |
| 2025-09-23 15:45:52+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lzjbdt5pol42... |
CVE-2023-24433
Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-24433
Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-24433
The CVE-2023-24433 entry concerns the Orka by MacStadium Jenkins plugin (versions 1.31 and earlier). The root cause is missing permission checks across several HTTP endpoints, enabling attackers with Overall/Read permission to (a) enumerate credentials IDs stored in Jenkins and (b) connect to an ...
CVE-2023-24433
Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Command Injection
simple-git is vulnerable to command injection. The vulnerability exists in the cloneTask function in clone.ts due to the use of --upload-pack in git.clone, which allows an attacker to inject and execute arbitrary code. This is possible due to an incomplete fix of CVE-2022-24433...
GHSA-28XR-MWXG-3QC8 Command injection in simple-git
simple-git, maintained as the git-js repository on GitHub, is a lightweight interface for running git commands in any node.js application. The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch...
Command injection in simple-git
simple-git, maintained as the git-js repository on GitHub, is a lightweight interface for running git commands in any node.js application. The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch...
Command injection
The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...
2context (>=0.1.0 <=0.2.0), 2ndopinion-cli (>=0.1.0 <=0.12.0) +7396 more potentially affected by CVE-2022-24066 +1 more via simple-git (>=3.0.3 <=3.4.0)
simple-git NPM version =3.0.3, =0.1.0, =0.1.0, =0.16.0, =0.0.112-rc1, =1.0.0-beta.1, =1.0.0, =0.0.2, =1.0.0, =1.0.0, =1.25.0, =2.0.0, =1.0.3, =1.1.0, =0.1.0, =0.3.0 and more Source cves: CVE-2022-24066, CVE-2022-24433 Source advisory: SNYK:JS-SIMPLEGIT-2434306...
Tenda AC6 SetPptpServerCfg function stack overflow vulnerability (CNVD-2022-24433)
The Tenda AC6 is a wireless router from the Chinese company Tenda. A stack overflow vulnerability exists in the Tenda AC6 SetPptpServerCfg function, which can be exploited by an attacker to cause arbitrary command execution...
1508-cli (>=1.0.4 <=1.0.6), 2context (>=0.1.0 <=0.2.0) +11498 more potentially affected by CVE-2022-24433 via simple-git (>=0.10.0 <=3.36.0)
simple-git NPM version =0.10.0, =1.0.4, =0.1.0, =0.1.0, =1.0.0, =0.16.0, =0.0.80, =1.0.0-beta.1, =1.0.0, =0.0.2, =1.0.0, =1.0.0, =1.25.0, =1.33.0 and more Source cves: CVE-2022-24433 Source advisory: OSV:GHSA-3F95-R44V-8MRG...
CVE-2022-24433
| creationtimestamp | type | source |
|---|---|---|
| 2022-03-11 20:20:58+00:00 | seen | https://t.me/cibsecurity/38818 |
| 2022-04-02 00:20:00+00:00 | seen | https://t.me/cibsecurity/40023 |
| 2026-01-24 22:43:31+00:00 | seen | https://gist.github.com/alon710/f12368cd9ac8921898d83077e1553626... |