14 matches found
MAL-2025-37476 Malicious code in uber-purify (npm)
The package uber-purify was found to contain malicious code...
CVE-2023-37476
OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of...
USN-7260-1 openrefine vulnerabilities
It was discovered that OpenRefine did not properly handle opening tar files. If a user or application were tricked into opening a crafted tar file, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-37476) It was discovered that...
CVE-2024-37476
creationtimestamp | type | source
---|---|---
2024-07-04 21:01:48+00:00 | seen | https://t.me/cvedetector/65...
CVE-2024-37476 WordPress Newspack Campaigns plugin <= 2.31.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS. This issue affects Newspack Campaigns: from n/a through 2.31.1...
CVE-2024-37476
CVE-2024-37476 is a Stored XSS affecting Automattic Newspack Campaigns (WordPress plugin) up to version 2.31.1. The vulnerability is confirmed in WordPress ecosystem sources; remediation is to upgrade Newspack Campaigns to a version where the fix is in place (patched). No exploitation activity is...
CVE-2024-37476 WordPress Newspack Campaigns plugin <= 2.31.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS. This issue affects Newspack Campaigns: from n/a through 2.31.1...
WordPress Newspack Campaigns Plugin <= 2.31.1 is vulnerable to Cross Site Scripting (XSS)
Software: Newspack Campaigns; Type: Plugin; Vulnerable versions: <= 2.31.1; Fixed in: 2.31.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37476; Patch priority: Low; CVSS severity: Low 6.5; PSID: 0b7e9fddfca4; Credits: Rafie Muhammad Patchstack Require...
CVE-2023-37476
creationtimestamp | type | source
---|---|---
2023-10-02 11:37:00+00:00 | seen | https://t.me/KomunitiSiber/871
2023-10-02 12:49:47+00:00 | seen | Telegram/m4CRwij0I94KgcDWSQKN7C07tFBj9zudfg6MWy4bJRg1ew
2024-10-24 07:43:10+00:00 | seen | https://t.me/itsecnews/3361...
OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code
A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as CVE-2023-37476 (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse...
CVE-2023-37476
OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of...
CVE-2023-37476
OpenRefine's CVE-2023-37476 is a documented zip-slip style vulnerability in the import mechanism for tarred OpenRefine projects. It affects all versions up to 3.7.3 and can allow arbitrary code execution in the OpenRefine process when a user imports a crafted tar file. The issue is widely referen...
CVE-2023-37476 Zip slip in OpenRefine
OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of...
CVE-2021-37476
creationtimestamp | type | source
---|---|---
2021-07-26 22:11:41+00:00 | seen | https://t.me/cibsecurity/26512...