
11 matches found

OSSF Malicious Packages
added 2026/05/24 3:52 p.m. (12 views)

Malicious code in power-platform-playwright-toolkit (npm)

Source: amazon-inspector (57967d58233d74f2fc4f9b0dee7c050370eb388050df8d63f29e719f83468d73). On npm install, the package's postinstall script postinstall.js collects host identifiers and CI context — whoami, os.hostname, os.platform, cwd, CI,...

AI score: 5.8
Exploits: 0, References: 2

Fedora
added 2026/04/25 1:55 a.m. (4 views)

[SECURITY] Fedora 44 Update: mingw-qt6-qtwebsockets-6.10.3-1.fc44

This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler...

AI score: 5.1
Exploits: 0

OSV
added 2024/09/30 2:30 p.m. (9 views)

RLSA-2024:6963 Moderate: gtk3 security update

The GTK+ library provides a multi-platform toolkit for creating graphical user interfaces. The gtk3 packages contain GTK+ version 3. Security Fixes: gtk3: gtk2: Library injection from CWD (CVE-2024-6655). For more details about the security issues, including the impact, a CVSS score, acknowledgments...

CVSS: 7, AI score: 7.4, EPSS: 0.00464
Exploits: 0, References: 2

BDU FSTEC
added 2021/11/10 12:0 a.m. (5 views)

Vulnerability in Adobe XMP-Toolkit-SDK, software for creating metadata and for processing and exchanging data, caused by an out-of-bounds read in memory, which allows attackers to disclose protected information.

The vulnerability in Adobe XMP-Toolkit-SDK, software for creating metadata and for processing and exchanging data, is caused by reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to disclose protected information...

CVSS: 7.1, AI score: 6.6, EPSS: 0.01936
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2018/06/04 4:29 p.m. (24 views)

CVE-2016-10688

Haxe 3: The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm). haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the...

CVSS: 9.3, AI score: 8.3, EPSS: 0.01699
Exploits: 0, References: 1

OSV
added 2018/06/04 4:29 p.m. (15 views)

CVE-2016-10688

Haxe 3: The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm). haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the...

CVSS: 8.1, AI score: 8.6
Exploits: 0, References: 1

Prion
added 2018/06/04 4:29 p.m. (12 views)

Remote code execution

Haxe 3: The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm). haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the...

CVSS: 9.3, AI score: 8, EPSS: 0.01699
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2018/06/04 4:0 p.m. (21 views)

CVE-2016-10637

haxe-dev is a cross-platform toolkit. haxe-dev downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the network or...

AI score: 8.3, EPSS: 0.01752
Exploits: 0, References: 1

Cvelist
added 2018/06/04 4:0 p.m. (28 views)

CVE-2016-10688

Haxe 3: The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm). haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the...

AI score: 8.3, EPSS: 0.01699
Exploits: 0, References: 1

CVE
added 2018/06/04 4:0 p.m. (59 views)

CVE-2016-10637

CVE-2016-10637 affects haxe-dev, a cross-platform toolkit. The vulnerability arises when haxe-dev downloads binary resources over HTTP, allowing a network-adjacent attacker to perform a MITM and swap the requested binary with an attacker-controlled one, potentially leading to remote code executio...

CVSS: 9.3, AI score: 8.2, EPSS: 0.01752
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2017/04/24 7:59 p.m. (3 views)

CVE-2017-3512

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...

CVSS: 8.3, AI score: 7.3, EPSS: 0.028
Exploits: 0, References: 5