343 matches found
EUVD-2025-7795
Malicious code in bioql PyPI...
EUVD-2024-39178
Malicious code in bioql PyPI...
EUVD-2023-3077
Malicious code in bioql PyPI...
EUVD-2023-3134
Malicious code in bioql PyPI...
EUVD-2024-2947
Malicious code in bioql PyPI...
Malicious Package
Overview mpesa-backoffice-ekyc-frontend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...
CVE-2025-50255
Cross Site Request Forgery CSRF vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request...
CVE-2025-50255
Cross Site Request Forgery CSRF vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request...
CVE-2025-50255
Cross Site Request Forgery CSRF vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request...
PT-2025-38415
Name of the Vulnerable Software and Affected Versions Smartvista BackOffice SmartVista Suite version 2.2.22 Description The software contains a Cross Site Request Forgery CSRF flaw. A crafted GET request can trigger the flaw. Recommendations Apply any available updates to address the issue in...
CVE-2025-50255
CVE-2025-50255 describes a Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 exploitable via a crafted GET request. The CVSS v3.1 base score is 7.8 (HIGH), with local attack vector, no privileges required, user interaction required, and impacts to co...
CVE-2025-50255
Cross Site Request Forgery CSRF vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request...
GHSA-8XX5-H6M3-JR33 Presta Shop vulnerable to email enumeration
Impact An unauthenticated attacker with access to the back-office URL can manipulate the idemployee and resettoken parameters to enumerate valid back-office employee email addresses. Impacted parties: Store administrators and employees: their email addresses are exposed. Merchants: risk of...
Malicious code in mpesa-backoffice-frontend (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-42029 Malicious code in mpesa-backoffice-frontend (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in mpesa-backoffice-ekyc-frontend (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a1d40690b03ef978ac9c358228d4e0372e07e448e4e8d894ab44d49e70d23bac Any computer that has this package installed or running should be considered...
MAL-2025-42028 Malicious code in mpesa-backoffice-ekyc-frontend (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a1d40690b03ef978ac9c358228d4e0372e07e448e4e8d894ab44d49e70d23bac Any computer that has this package installed or running should be considered...
Malicious code in izberg-backoffice-inventory-js (npm)
The package izberg-backoffice-inventory-js was found to contain malicious code...
MAL-2025-23521 Malicious code in izberg-backoffice-inventory-js (npm)
The package izberg-backoffice-inventory-js was found to contain malicious code...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via an anonymously accessible endpoint that reveals details about configured password requirements. An attacker can gain insight into password policy information...