Malicious code in call-blockflow (npm)
The package contains a preinstall hook which silently executes a malicious script with downloader functionality. This is characteristic of an ongoing North Korean state-sponsored campaign...
MAL-2024-8844 Malicious code in harthat-hash (npm)
The package contains a preinstall hook which silently executes a malicious script with downloader functionality. This is characteristic of an ongoing North Korean state-sponsored campaign...
MAL-2024-8842 Malicious code in call-blockflow (npm)
The package contains a preinstall hook which silently executes a malicious script with downloader functionality. This is characteristic of an ongoing North Korean state-sponsored campaign...
Information Exposure Through Log Files
github.com/hashicorp/vault is vulnerable to Information Exposure Through Log Files. The vulnerability is due to a regression that removed the HMAC functionality for sensitive headers in the audit device, leading to the storage of plaintext client tokens and token accessors in the audit log...
CVE-2024-45170
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, acces...
PT-2024-38989 · Unknown · Alwindoss Akademy
Name of the Vulnerable Software and Affected Versions: alwindoss akademy up to 35caccea888ed63d5489e211c99edff1f62efdba Description: A problem has been found in an unknown functionality of the file cmd/akademy/handler/handlers.go. The manipulation of the emailAddress argument leads to cross-site...
A vulnerability in the CDC-NCM component of the Linux kernel allows an attacker to trigger a service failure.
The vulnerability in the CDC-NCM component of the Linux operating system is related to an overflow during a functionality check. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-39747
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality...
CVE-2024-39747 IBM Sterling Connect:Direct Web Services information disclosure
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality...
CVE-2024-39747
IBM Sterling Connect:Direct Web Services versions 6.0–6.3 are affected by CVE-2024-39747 due to the use of default credentials for potentially critical functionality. The Red Hat and IBM advisory entries corroborate the same issue and specify remediation paths: Affected products: IBM Sterling Con...
Microweber CMS 1.2.10 Local File Inclusion (Authenticated)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microweber CMS v1.2.10 Local File Inclusion Authenticated', 'Description' = %q Microweber CMS v1.2.10 has a backup functionality. Upload and...
Cross-site Scripting (XSS)
Typo3 is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper parsing of values assigned to HTML attributes in the frontend's typolink functionality and improper encoding of error messages in the backend's filelist module when renaming files...
CVE-2024-43939
Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Z Y N I T H: from n/a through 7.4.9...
CVE-2024-43940 WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Plugin Settings Change vulnerability
Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Z Y N I T H: from n/a through 7.4.9...
CVE-2024-43940
CVE-2024-43940 is a Missing Authorization vulnerability in Zynith SEO (Zynith) for WordPress, affecting 7.4.9 and earlier. It allows Accessing Functionality Not Properly Constrained by ACLs. The connected sources corroborate the issue and indicate it remains unpatched; no public remediation or ex...
CVE-2024-43939 WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Arbitrary Option Deletion vulnerability
Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Z Y N I T H: from n/a through 7.4.9...
PT-2024-30801 · Zynith · Zynith
Name of the Vulnerable Software and Affected Versions: Z Y N I T H versions n/a through 7.4.9 Description: The issue is related to missing authorization, allowing access to functionality not properly constrained by ACLs. This enables unauthenticated access. Recommendations: For versions n/a throu...
CVE-2021-38122
A Cross-Site Scripting vulnerability identified in NetIQ Advance Authentication impacts the server functionality and discloses sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1...
CVE-2021-38120
A vulnerability identified in Advance Authentication allows bash command injection in the administratively controlled backup functionality due to improper handling of provided command parameters. This issue affects NetIQ Advance Authentication versions before 6.3.5.1...