Lucene search
+L

214 matches found

Snyk
Snyk
added 2024/10/02 12:28 p.m.1 views

Malicious Package

Overview uchiwa is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2024/10/02 12:28 p.m.3 views

Malicious Package

Overview backend-engineering-test is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2024/10/02 12:28 p.m.3 views

Malicious Package

Overview openai-bun-test is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2024/10/02 12:28 p.m.1 views

Malicious Package

Overview buy-sell-opensea-sdk-demo is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2024/10/02 12:28 p.m.2 views

Malicious Package

Overview svelte-hms-world is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS7AI score
Exploits0References2
CNNVD
CNNVD
added 2024/07/03 12:0 a.m.3 views

TCP security vulnerability

TCP Transmission Control Protocol is a connection-oriented, reliable, byte-stream-based transport layer communication protocol defined by IETF RFC 793. A security vulnerability exists in TCP that stems from the protocol having a timed side channel, which allows an attacker to infer the contents o...

4.3CVSS6.7AI score0.00572EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/07/03 12:0 a.m.6 views

PT-2024-28734 · Tcp · Tcp

Name of the Vulnerable Software and Affected Versions: TCP protocol affected versions not specified Description: The issue is related to a timing side channel in the TCP protocol, making it easier for remote attackers to infer the content of one TCP connection from a client system to any server...

4.3CVSS6.9AI score0.00572EPSS
Exploits0References13
CNNVD
CNNVD
added 2024/03/21 12:0 a.m.5 views

Deno 安全漏洞

Deno is open source a simple , modern and secure JavaScript and TypeScript runtime environment . It uses V8 and is built with Rust. A security vulnerability exists in Deno versions v1.8.0 through 1.40.4 that stems from Deno incorrectly checking if the hostname of an imported descriptor is equal t...

4.6CVSS6.5AI score0.00594EPSS
Exploits1References4
NCSC
NCSC
added 2024/03/12 12:0 a.m.6 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed and vulnerability in SQL Server. The vulnerability is located in the Django backend and allows a malicious party to be able to use the client application of the victim to execute an SQL injection and thus execute arbitrary code execute arbitrary code with the victim's privileg...

8.8CVSS8.2AI score0.02124EPSS
Exploits0
OSV
OSV
added 2024/01/23 8:15 p.m.4 views

CVE-2023-42143

Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware...

5.4CVSS5.8AI score0.00155EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/01/23 12:0 a.m.7 views

PT-2024-13033 · Allterco · Shelly Trv

Name of the Vulnerable Software and Affected Versions: Shelly TRV version 20220811-152343/v2.1.8@5afc928c Description: The issue allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is then...

5.4CVSS5.3AI score0.00155EPSS
Exploits0References5
Prion
Prion
added 2024/01/15 4:15 a.m.18 views

Remote code execution

Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server...

7.5CVSS8.7AI score0.01179EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/11/08 12:0 a.m.3 views

BigBlueButton PILOS Security Vulnerability

BigBlueButton is an open source web conferencing system from the BigBlueButton community. A security vulnerability exists in BigBlueButton PILOS versions 2.0 through 2.3, which stems from the fact that when constructing a password reset URL, the password reset component deployed in PILOS uses the...

8.8CVSS6.8AI score0.00599EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/06/15 9:3 a.m.6 views

plugin: CSRF vulnerability in Blue Ocean Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...

6.5CVSS5.7AI score0.00675EPSS
Exploits0References5
OSV
OSV
added 2023/05/16 4:15 p.m.5 views

CVE-2023-32978

A cross-site request forgery CSRF vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...

4.3CVSS5.7AI score0.003EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/02/23 12:1 a.m.5 views

plugin: CSRF vulnerability in Script Security Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...

4.3CVSS5.7AI score0.0061EPSS
Exploits0References5
OSV
OSV
added 2023/02/15 2:15 p.m.6 views

CVE-2023-25767

A cross-site request forgery CSRF vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server...

8.8CVSS7.2AI score0.00455EPSS
Exploits0References2
OSV
OSV
added 2023/01/26 9:18 p.m.4 views

CVE-2023-24432

A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS7.3AI score0.00515EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/12/05 12:0 a.m.7 views

CVE-2022-41777

Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 PC Version v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash...

6.8AI score0.01478EPSS
Exploits0References3
OSV
OSV
added 2022/11/03 11:4 a.m.3 views

OESA-2022-2034 strongswan security update

The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel. Security Fixes: strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a...

7.5CVSS6.4AI score0.01634EPSS
Exploits0References2
Rows per page
Query Builder