7 matches found
MAL-2025-37477 Malicious code in uberdots (npm)
The package uberdots was found to contain malicious code...
CVE-2021-37477
In NavigateCMS version 2.9.4 and below, a function in structure.php is vulnerable to SQL injection via the children_order parameter, which results in arbitrary SQL query execution in the backend database...
WordPress Newspack Content Converter Plugin <= 0.1.5 is vulnerable to Broken Access Control
Software: Newspack Content Converter
Type: Plugin
Vulnerable versions: <= 0.1.5
Fixed in: 1.0.0
OWASP Top 10: A1: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2024-37477
Patch priority: Low
CVSS severity: Low 6.5
PSID: 9023ad743104
Credits: Rafie Muhammad...
CVE-2023-37477
1Panel exposes an OS command injection in its firewall IP endpoint (/hosts/firewall/ip). The vulnerability allows an authenticated attacker to craft input that leads to arbitrary command execution, potentially full system compromise. The issue stems from lack of input validation in the firewall f...
CVE-2023-37477
creationtimestamp | type | source
---|---|---
2023-07-18 10:23:12+00:00 | published-proof-of-concept | https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-p9xf-74xh-mhw5
2023-07-18 22:31:11+00:00 | seen | https://t.me/cibsecurity/66937...
CVE-2021-37477
creationtimestamp | type | source
---|---|---
2021-07-26 22:11:43+00:00 | seen | https://t.me/cibsecurity/26514...
CVE-2021-37477
NavigateCMS version 2.9.4 and earlier is affected by a SQL injection in structure.php (parameter: children_order), enabling arbitrary SQL execution in the backend. The root cause is a vulnerable input handling path in the structure.php function. Reported severity ranges from HIGH (CVSS v2) to...