
81 matches found

OSSF Malicious Packages
added 2026/05/25 8:1 a.m., 8 views

Malicious code in levex-press (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f33c109f544ebe960d2fe2880abba71a8abbbcfc1b8042ca5c5d5d9e6ac6b557 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 1

OSV
added 2026/02/11 10:54 a.m., 2 views

MAL-2026-854 Malicious code in sinon-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c9ac1d9ff3647908703db921b2e950e479861f18e7b1bad8377baaa7400d32c The package sinon-node was found to contain malicious code. Source: ghsa-malware 5aa93130bd1915120b30dc2472c774ac984ea2c2166d7865d30fdf8343225f50 Any...

AI score: 5.6
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2012-2297

Malware in sbrugna...

CVSS: 4.3, AI score: 6.4, EPSS: 0.00588
Exploits: 0, References: 9

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-0877

Malicious code in bioql PyPI...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00254
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-3687

Malicious code in bioql PyPI...

CVSS: 9.8, AI score: 9.2, EPSS: 0.00617
Exploits: 0, References: 8

Tenable Nessus
added 2025/09/10 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-6194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition DTD references to external...

CVSS: 7.1, AI score: 7, EPSS: 0.0004
Exploits: 1, References: 2

OSV
added 2025/07/30 4:30 p.m., 4 views

DRUPAL-CONTRIB-2025-093

This module enables you to access an edit page for a config page. The module doesn't sufficiently check the access permissions: hook_ENTITY_TYPE_access wasn't taken into account. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "edit ID config page" an...

CVSS: 7.6, AI score: 6.7, EPSS: 0.00063
Exploits: 0, References: 1

OSV
added 2025/07/02 5:37 p.m., 2 views

DRUPAL-CONTRIB-2025-086

This module enables you to use config_pages as a content entity. The module doesn't check permission or entity access before rendering config_pages content...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00144
Exploits: 0, References: 1

Drupal
added 2025/07/02 12:0 a.m., 13 views

Config Pages Viewer - Critical - Access bypass - SA-CONTRIB-2025-086

This module enables you to use config_pages as a content entity. The module doesn't check permission or entity access before rendering config_pages content...

CVSS: 5.3, AI score: 6.3, EPSS: 0.00144
Exploits: 0, References: 2

OSV
added 2025/05/02 5:24 a.m., 1 views

MAL-2025-3589 Malicious code in twewewewest6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e24697bace34244c6963d54b8439296aa2903a23b68833af4712c3506830d198 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 3

Friends Of PHP
added 2025/04/03 3:2 p.m., 9 views

GraphQL query operations security can be bypassed

Summary: Using the Relay special node type you can bypass the configured security on an operation. Details: Here is an example of how to apply security configurations for the GraphQL operations: php ApiResource security: "is_granted('ROLE_USER')", operations: / ... / , graphQlOperations: new...

CVSS: 7.5, AI score: 7.2, EPSS: 0.0014
Exploits: 0, Affected Software: 1

Drupal
added 2024/05/22 12:0 a.m., 16 views

Email Contact - Moderately critical - Access bypass - SA-CONTRIB-2024-020

The Email Contact module provides email field display formatters that can display the field as a link to the contact form, or as an inline contact form. The module does not sufficiently handle restricted entity or field access to the mail sending form, when the "Email contact link" formatter is...

CVSS: 7.5, AI score: 7, EPSS: 0.00304
Exploits: 0, References: 9

OSV
added 2024/03/06 10:53 a.m., 15 views

BIT-DRUPAL-2022-25270

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are not authorized to access. Sites are only affected if the QuickEdit module which comes with the Standard...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00254
Exploits: 0, References: 2

OSV
added 2024/03/06 10:53 a.m., 9 views

BIT-DRUPAL-2022-25274

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual...

CVSS: 5.4, AI score: 5.2, EPSS: 0.00129
Exploits: 0, References: 2

OSSF Malicious Packages
added 2024/01/24 8:23 p.m., 2 views

Malicious code in wlwz-2312-7001 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b44efc7d5514573b47b1da5c0a421148640531fbc5aaec85bcde47aade67e389 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1

OSV
added 2024/01/24 8:23 p.m., 7 views

MAL-2024-275 Malicious code in wlwz-2312-1106 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4f61a2649cb1e02df29460e01f9c357290aaa9f3592eb13e4a8a4fbe544393f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1

OSV
added 2024/01/24 8:23 p.m., 8 views

MAL-2024-348 Malicious code in wlwz-2312-1907 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b5077dbc02f07035c4e0e2dc2d6b4b2b88decafeab5df1b1eaae7f3d37bd64f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1

Positive Technologies
added 2024/01/23 12:0 a.m., 2 views

PT-2024-19376 · Ministry Of Agriculture · Electronic Delivery Check System

Name of the Vulnerable Software and Affected Versions: Electronic Delivery Check System Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version versions 14.0.001.002 and earlier Description: The issue is related to the improper restriction of XML...

CVSS: 5.5, AI score: 5.3, EPSS: 0.00033
Exploits: 0, References: 8

OSV
added 2023/10/10 2:15 a.m., 0 views

CVE-2023-40310

SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP...

CVSS: 7.5, AI score: 5.7, EPSS: 0.00404
Exploits: 0, References: 2

OSV
added 2023/09/16 2:4 p.m., 9 views

MAL-2023-8108 Malicious code in surf-sharekit-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 449f014291c34fa4bc1a855658d8ff0b9fe4788e1986e2410d3dc82ac8e50abb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1