
7647 matches found

OSSF Malicious Packages
added 2024/09/02 1:42 a.m. · 5 views

Malicious code in @diotoborg/consectetur-consequuntur (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9282f643a0e7520d88d082ff71319849893e610b6ac28c0ce0bf1f1bc031ce48 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2024/09/02 1:42 a.m. · 3 views

Malicious code in @diotoborg/illo-amet-architecto (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7b73e91c63f416e494f7d9d204af037bb6f58c12d895f9a38c38473e50f2ed94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2024/09/02 1:42 a.m. · 4 views

Malicious code in @diotoborg/rem-eum (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f393166e307c466a1627df4c9dd74f6aeb84e03a4a2175049e368b1a90710e66 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2024/09/02 1:42 a.m. · 3 views

Malicious code in @diotoborg/consequatur-facilis-qui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dec70184c6ca2f4543784f4ab8cecc957a7692d0e4bbd26cd2d8f0a61812bf51 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2024/09/02 1:42 a.m. · 3 views

Malicious code in @diotoborg/nam-voluptates-in (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b1c78d692dd69047016cb20f6be4ee4e759c177708dc8dd7487fd20fa36f3c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2024/09/02 1:42 a.m. · 3 views

Malicious code in @diotoborg/architecto-reprehenderit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e8dd0516a6c5552999774afc0e9a3789cb45e5888eb1648e3d7d92c8ae2db7a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2024/09/02 1:42 a.m. · 3 views

Malicious code in @diotoborg/repellendus-est (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 025ad2a4a8a3e55e1596e4acea55c95e0a3acb90c397b7677ff2763ad776c7d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1

Packet Storm
added 2024/09/01 12:0 a.m. · 170 views

HTTP Microsoft SQL Injection Table XSS Infection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Microsoft SQL Injection Table XSS Infection', 'Description' = %q This module implements the mass SQL injection attack in use lately by...

7.4 AI score
Exploits: 0

The Hacker News
added 2024/08/30 1:4 p.m. · 37 views

Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign

Cybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-control (C2) mechanism. The activity, detected by Proofpoint starting August 5, 2024, impersonates tax authorities from governments in Europe, Asia, and the U.S., with the goal of targeti...

7.3 AI score
Exploits: 0

OSSF Malicious Packages
added 2024/08/29 7:57 a.m. · 3 views

Malicious code in sweet-ruin-immortals-after-dark-16-by-kresley-cole-on-audiobook-full-volumes- (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6ddd212ce30f7b7db65579b6f4be56f10137c104c7ab63553566ccd90a1ff3e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2024/08/29 7:38 a.m. · 5 views

Malicious code in as-rest-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00a576994460aeca57d9642938bbd4c214c2fc5138f9513388b070cb882fde29 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1

OSV
added 2024/08/27 1:15 p.m. · 8 views

CVE-2024-4872

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential...

8.8 CVSS · 7.6 AI score · 0.00496 EPSS
Exploits: 0 · References: 1

Cvelist
added 2024/08/27 12:37 p.m. · 28 views

CVE-2024-4872

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential...

9.9 CVSS · 0.00496 EPSS
Exploits: 0 · References: 1

BDU FSTEC
added 2024/08/27 12:0 a.m. · 6 views

The vulnerability of the centralized service for supporting information about configuration, naming, distributed synchronization, and group services provided by Apache ZooKeeper, related to exposing confidential information to unauthorized individuals, allows attackers to gain access to confidential information.

The vulnerability of the centralized service for supporting information about configuration, naming, distributed synchronization, and providing group services in Apache ZooKeeper is related to the absence of ACL checks during the operation of the persistent observer. Exploiting this vulnerability...

6.8 CVSS · 6.6 AI score · 0.00244 EPSS
Exploits: 0 · References: 4 · Affected Software: 2

Positive Technologies
added 2024/08/26 12:0 a.m. · 4 views

PT-2024-5891 · Unknown · Uefi Firmware

Name of the Vulnerable Software and Affected Versions: UEFI firmware (affected versions not specified). Description: A vulnerability related to the use of an insecure Platform Key (PK) has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signe...

6.8 CVSS · 7.3 AI score · 0.0024 EPSS
Exploits: 0 · References: 35

Github Security Blog
added 2024/08/23 9:30 p.m. · 26 views

Automad Cross-site Scripting vulnerability

A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...

4.8 CVSS · 5.5 AI score · 0.00769 EPSS
Exploits: 2 · References: 4 · Affected Software: 1

NVD
added 2024/08/23 9:15 p.m. · 27 views

CVE-2024-40111

A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...

4.8 CVSS · 0.00769 EPSS
Exploits: 2 · References: 2

OSV
added 2024/08/23 11:8 a.m. · 2 views

OESA-2024-2053 flatpak security update

flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a...

10 CVSS · 6.8 AI score · 0.01283 EPSS
Exploits: 1 · References: 2

Vulnrichment
added 2024/08/23 12:0 a.m. · 17 views

CVE-2024-40111

A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...

5.5 AI score · 0.00769 EPSS
Exploits: 2 · References: 2

Cvelist
added 2024/08/23 12:0 a.m. · 24 views

CVE-2024-40111

A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...

0.00769 EPSS
Exploits: 2 · References: 2