Malicious code in ib-subgraph (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dec631660263dd92dbbc3c1a243f486c68590ba0ec86a9e78681bcb4c17526d7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @gettilled/commitlint-preset (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dcbfb666aa11ddf3ca2fa71c1b576f37474993d06a8abb7ad0af2c7466691cd9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
[SECURITY] Fedora 35 Update: golang-github-cpu-goacmedns-0.1.1-5.fc35
A Go library to handle acme-dns client communication and persistent account storage...
What is Steganography, and how can we Avoid it?
What is steganography? Steganography is, broadly, a type of covert communication involving the use of any medium to hide messages. Steganography is a relatively old technique of hiding ‘secret’ data in plain sight to avoid detection. Seeing a resurgence of late, bad actors are taking advantage of...
Cross site scripting
Fast Food Ordering System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the component /ffos/classes/Master.php?f=savecategory...
Predatory Sparrow massively disrupts steel factories while keeping workers safe
Stuxnet's attack on Iran's uranium enrichment facilities manifested fears of cyberattacks leaking into the real world. What once was theory is now upon us. Two weeks ago, multiple Iranian steel facilities experienced a cyberattack that might have been pulled off by what many cybersecurity experts i...
Malicious code in lkauovkgjbridwhy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 66a93b3338fdb514ea44eac90f57933f81b6f19ed524cff65aea93653c28539b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in thepfxrikzwavydc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bfeec62b45a438e5080c48133b38182032222cba8c644fb889baf4afc6db4c66 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in hksnzojebplygmqi (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21accaf3bb53cec7046615b081b7c6becceb550b00328f3f7e2b737b4af51bb4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in icon-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d88cf998d4140ce1ace5f472b26111b02c4363162678fe2e97c4e4e88008244 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
[SECURITY] Fedora 36 Update: golang-github-cpu-goacmedns-0.1.1-5.fc36
A Go library to handle acme-dns client communication and persistent account storage...
Multiple Stored XSS
✍️ Description The persistent or stored XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular...
Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.2 security and bug fix update
The Migration Toolkit for Containers (MTC) 1.7.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Malicious code in personal-colors-kash (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 314d8e8e81281e1eb99614b0ba515986bf54f7afaccd18e2dcb8f641ae43b232 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Plugin NewStatPress Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Plugin NewStatPress version 1.2.4 contains a cross-site scripting vulnerability that can be...
Stored Cross-Site Scripting (XSS)
Client-side scripts are used extensively by modern web applications. They perform everything from simple functions, such as the formatting of text, up to full manipulation of client-side data and operating system interaction. Cross-Site Scripting (XSS) allows clients to inject scripts into a request and have th...
CVE-2017-20098
A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely...
CVE-2017-20098 Admin Custom Login Plugin Persistent cross site scripting
A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely...
Cross site scripting
Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. The payload executes when the recipient logs...