284 matches found
Malicious code in configs-web-react (npm)
Source: ghsa-malware 1e2873a2ee1e0748ca75f7e661e6961df7a4522dae8e7e658c47cfbab20eff7c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-7259 · Net Snmp · Net-Snmp
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash involves the following functions: snmp_config_when, netsnmp_config_process_memory_list,...
Malicious code in hardhat-configs (npm)
This package exfiltrates sensitive Ethereum-related data such as mnemonics and private keys to an attacker-controlled server. Source: ghsa-malware 98317ddb2bbad731c7576eb5f64b3a91f7e6f7bd135fa5ef05b7a2ad3da15992 Any computer that has this...
MAL-2025-626 Malicious code in hardhat-configs (npm)
This package exfiltrates sensitive Ethereum-related data such as mnemonics and private keys to an attacker-controlled server. Source: ghsa-malware 98317ddb2bbad731c7576eb5f64b3a91f7e6f7bd135fa5ef05b7a2ad3da15992 Any computer that has this...
CVE-2024-49367 Nginx UI's log path can be controlled
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at /api/configs to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue...
Nginx UI security vulnerability
Nginx UI is a web UI for Nginx developed by Jacky, an individual developer. A security vulnerability exists in Nginx UI versions prior to 2.0.0-beta.36, which stems from the fact that its log path is controllable, allowing an attacker to read the contents of directories and files on the server in conjunction with...
Permissive Regular Expression in tacquito
Impact: The CVE is for a software vulnerability. Network admins who have deployed tacquito or versions of tacquito in their production environments and use tacquito to perform command authorization for network devices should be impacted. Tacquito code prior to commit...
Oracle Linux 9 : kernel (ELSA-2024-8162)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-8162 advisory. - gfs2: Fix NULL pointer dereference in gfs2_log_flush (CKI Backport Bot) [RHEL-51561 RHEL-51559] {CVE-2024-42079} - KVM: SVM: WARN on vNMI + NMI window iff NM...
PLANET switch devices security vulnerability
PLANET switch devices are a series of switch devices from PLANET Corporation in China. A security vulnerability exists in PLANET switch devices that stems from the use of an insecure hash function that is not salted to hash user passwords. A remote attacker with administrator privileges could rea...
CVE-2024-41676 Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
Magento-lts is a long-term support alternative to Magento Community Edition (CE). This XSS vulnerability affects the design/header/welcome, design/header/logo_src, design/header/logo_src_small, and design/header/logo_alt system configs. They are intended to enable admins to set a text in the two cases,...
Malicious code in tools-access-configs (npm)
MAL-2024-3136 Malicious code in tools-access-configs (npm)
MAL-2024-2612 Malicious code in line-configs (npm)
Malicious code in line-configs (npm)
Malicious code in @b2bgeo/configs (npm)
MAL-2024-2016 Malicious code in @b2bgeo/configs (npm)
Exploit for Improper Input Validation in Paloaltonetworks Pan-Os
CVE-2024-3400 PoC for educational purposes only. only use on...