Cross site request forgery (csrf)
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certa...
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability
Since early October 2023, Microsoft has observed two North Korean nation-state threat actors – Diamond Sleet and Onyx Sleet – exploiting CVE-2023-42793, a remote-code execution vulnerability affecting multiple versions of JetBrains TeamCity server. TeamCity is a continuous integration/continuous...
Malicious code in very-bad-npm-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b6aab39bd84cb65205f0339a8531e90906143bc204d65dab3f378e8ef83619d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fca-kemdev (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 287f0297a75a759baf26a653469422f43653a6ccb17b28941f58e54279b623b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Fortinet FortiSandbox Cross-Site Scripting Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance provides dual sandboxing technology, a dynamic threat intelligence system, a real-time control panel and reporting. Fortinet FortiSandbox is vulnerable to a cross-site scripting vulnerability...
Fortinet FortiSandbox Cross-Site Scripting Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence, a real-time control panel and reporting. Fortinet FortiSandbox is vulnerable to a cross-site scripting vulnerability that stem...
Malicious code in daftar-10-bandar-togel-singapore-terpercaya-agen-pay4d-terbesar-di-asia (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c010afee8561b173cf2644e0cf79595bc1f4c292cf5d3c68a90de24f2a655cab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in slot-qris-situs-slot-mudah-maxwin-24-jam-online-terpercaya (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7024e3e37cd20e39f30c363c32d2da667b32231695491e01709a7ed3fad3a09 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fas_elbridge_server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9eeb55ec40cca8a30b5ca2b20ede9234fa59a23da2fa5cef2ad9c3e461eba4c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-44400
Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the...
CVE-2023-44400 Uptime Kuma has Persistent User Sessions
Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the...
Uptime Kuma Authorization Issue Vulnerability
Uptime Kuma is an easy-to-use, self-hosted monitoring tool from the individual developer Louis Lam. An authorization issue vulnerability exists in Uptime Kuma versions prior to 1.23.3, which stems from a lack of session token validation after a password change or after a period of inactivity, and...
CVE-2022-36277
The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks...
Design/Logic Flaw
The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks...
CVE-2022-36277 SQL injection vulnerability in TCMAN GIM
The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks...
jetty: Improper validation of HTTP/1 content-length
A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in an HTTP/1 header field, which is non-standard and more permissive than the RFC. This issue could allow an attacker to perform request smuggling in conjunction with a server that does not close connections after 400...