213 matches found
Malicious Package
Overview duoblogcomment is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...
Malicious Package
Overview tgsendzon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for soci...
Malicious Package
Overview tblogzon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for socia...
Malicious Package
Overview tblogduopack is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...
Malicious Package
Overview tgsendduo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for soci...
Malicious Package
Overview t64d is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...
Malicious Package
Overview cafebuy is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...
Malicious Package
Overview cafebasics is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...
Malicious Package
Overview cafebuyduo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...
Linux Distros Unpatched Vulnerability : CVE-2022-40617
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA...
CVE-2025-34074
An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...
Intersections Hotspot Shield VPN 注入漏洞
Intersections Hotspot Shield VPN is a virtual private network VPN service product from Intersections, Inc. Intersections Hotspot Shield VPN suffers from an injection vulnerability that stems from an injection issue in the processing of the Host header, which could result in request redirection or...
CVE-2023-23848
Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2025-0993
CVE-2025-0993 affects GitLab CE/EE, all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. The issue can allow an authenticated attacker to cause a denial of service by exhausting server resources, with high availability impact. The provided documents do not include a concrete...
CVE-2025-0993
Removed by vendor...
CVE-2025-0993 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources...
CVE-2019-10389
A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...
Malicious code in concurrent-hashmap (npm)
This package runs a post-install script that exfils sensitive data to a attacker-controlled server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b043630941c12131f7d10fdb97608a15c397c2cf21e74116aa2fd89a1840a58e Any computer that has this package installed or runni...
📄 SilverStripe 5.3.8 Cross Site Scripting
SilverStripe version 5.34.8 suffers from a persistent cross site scripting vulnerability. Exploit Title: SilverStripe 5.3.8 - Stored Cross Site Scripting XSS Authenticated Date: 2025-01-15 Exploit Author: James Nicoll Vendor Homepage: https://www.silverstripe.org/ Software Link:...
Malicious code in hardhat-configs (npm)
This package exfiltrates sensitive Ethereum-related data such as mnemonics and private keys to an attacker-controlled server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98317ddb2bbad731c7576eb5f64b3a91f7e6f7bd135fa5ef05b7a2ad3da15992 Any computer that has this...