
7647 matches found

OSSF Malicious Packages
added 2024/08/07 11:0 p.m. | 4 views

Malicious code in ooflienro (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 460421ad4c16e7311d70839005722b20fb615154541c29ea376e7029a210e50f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1

NVD
added 2024/08/05 8:15 p.m. | 26 views

CVE-2024-41816

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting XSS via the ‘cooked-timer’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This vulnerability allows authenticate...

CVSS: 5.4 | EPSS: 0.00359
Exploits: 1 | References: 2

OSV
added 2024/08/05 8:12 p.m. | 17 views

CVE-2024-41816 WordPress Cooked Plugin Persistent Cross-Site Scripting via Shortcode

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting XSS via the ‘cooked-timer’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This vulnerability allows authenticate...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00359
Exploits: 1 | References: 4

The Hacker News
added 2024/08/05 12:42 p.m. | 14 views

Kazakh Organizations Targeted by 'Bloody Wolf' Cyber Attacks

Organizations in Kazakhstan are the target of a threat activity cluster dubbed Bloody Wolf that delivers a commodity malware called STRRAT aka Strigoi Master. "The program selling for as little as $80 on underground resources allows the adversaries to take control of corporate computers and hijac...

AI score: 7.4
Exploits: 0

Positive Technologies
added 2024/08/05 12:0 a.m. | 5 views

PT-2024-29582 · WordPress · Cooked

Name of the Vulnerable Software and Affected Versions: Cooked plugin for WordPress versions up to, and including, 1.8.0 Description: The issue is related to Persistent Cross-Site Scripting XSS via the cooked-timer shortcode due to insufficient input sanitization and output escaping. This allows...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00359
Exploits: 1 | References: 6

RedHat Linux
added 2024/08/01 7:10 p.m. | 51 views

Important: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.3.3 security and bug fix update

OpenShift API for Data Protection OADP 1.3.3 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.91969
Exploits: 1 | References: 9

OSV
added 2024/07/31 5:1 p.m. | 6 views

GHSA-GC5H-6JX9-Q2QH eZ Platform Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget

Impact The file upload widget is vulnerable to XSS payloads in filenames. Access permission to upload files is required. As such, in most cases only authenticated editors and administrators will have the required permission. It is not persistent, i.e. the payload is only executed during the uploa...

CVSS: 5.4 | AI score: 5.1 | EPSS: 0.00363
Exploits: 0 | References: 5

CNNVD
added 2024/07/29 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that when the CXL subsystem automatically assembles the pmem region during cxl endpoint port probin...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.002
Exploits: 0 | References: 3

Positive Technologies
added 2024/07/22 12:0 a.m. | 5 views

PT-2024-10242 · IBM · IBM TXSeries for Multiplatforms

Name of the Vulnerable Software and Affected Versions: IBM TXSeries for Multiplatforms version 10.1 Description: The issue is related to improper allocation of resources, which could allow a remote attacker to cause a denial of service using persistent connections. This is due to an incorrect...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00605
Exploits: 0 | References: 10

IBM Security Bulletins
added 2024/07/12 5:4 a.m. | 29 views

Security Bulletin: Information disclosure in persistent watchers handling

Summary Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher addWatch command to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check...

CVSS: 5.3 | AI score: 7.2 | EPSS: 0.00244
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2024/07/11 5:32 p.m. | 27 views

Important: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.16 security and bug fix update

The Migration Toolkit for Containers MTC 1.7.16 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.8781
Exploits: 2 | References: 7

OSSF Malicious Packages
added 2024/07/11 12:29 a.m. | 3 views

Malicious code in stylishteks (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40a8ed6d750df7841026d152bf8840677964a636c2377940003db377ae525481 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1

OSV
added 2024/07/09 9:15 p.m. | 4 views

CVE-2024-31314

In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00104
Exploits: 0 | References: 2

Vulnrichment
added 2024/07/09 8:9 p.m. | 15 views

CVE-2024-31314

In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score: 6.7 | EPSS: 0.00104
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2024/07/09 3:3 a.m. | 3 views

Malicious code in addcohort (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e7c7c14de394a6a49ce28fc5eac784de2b16faab93f257a8f142b5b32564bfd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2024/07/04 5:10 a.m. | 4 views

Malicious code in @zitterorg/illum-quidem (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd15ba0019e3a1a688c4a7f881d55ebba37d8b7e19fc1b2a8c4f55856c93798f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2024/07/04 5:10 a.m. | 3 views

Malicious code in @zitterorg/itaque-nesciunt-voluptatibus (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d20c232adf35eee773aba9024dfa9d48b92b227809834242b2f0c851270689f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2024/07/04 5:10 a.m. | 3 views

Malicious code in @zitterorg/molestias-in (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4203d5d6cf9467afa779754419b8356ce12d342a64bf06773b36a3d04940e4a3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2024/07/04 5:10 a.m. | 3 views

Malicious code in @zitterorg/officia-tempora-sequi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a0db1890c2143a131ce07eb08219825a3d054031562e71489dab5dcfeabfc20 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2024/07/04 5:10 a.m. | 3 views

Malicious code in @zitterorg/quia-sapiente (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac1bcf9c797c7505ef34a65a8b7cd8bf67a4e7a4dff46e77a134869e4af3c93c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1