MAL-2025-92248 Malicious code in wibowo-naget41-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0debba03b8dabad96cc6b2f90be0432b49ab4455793587af51fc14851463c29c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2018-1324

Malware in sbrugna...

EUVD-2007-4894

Malware in sbrugna...

EUVD-2019-14002

Malware in sbrugna...

EUVD-2019-1032

Malware in sbrugna...

EUVD-2025-28623

Malicious code in bioql PyPI...

JetBrains TeamCity Information Disclosure Vulnerability

JetBrains TeamCity is a Continuous Integration/Continuous Deployment CI/CD tool developed by JetBrains to automate the software build, test, and deployment process with support for multiple programming languages and tools. JetBrains TeamCity suffers from an information disclosure vulnerability th...

CVE-2025-57734

In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files...

CVE-2025-57734

In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files...

CVE-2025-57734

In JetBrains TeamCity, versions prior to 2025.07.1 expose AWS credentials inside Docker script files, constituting an information disclosure vulnerability. Supported by multiple sources in the connected set (e.g., Red Hat advisory and PT Security note) consistently identifying the affected softwa...

CVE-2025-57734

In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files...

PT-2025-34035 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: TeamCity versions prior to 2025.07.1 Description: TeamCity was affected by an issue where AWS credentials were exposed in Docker script files. Recommendations: Update to TeamCity version 2025.07.1 or later...

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a Continuous Integration/Continuous Deployment CI/CD tool developed by JetBrains to automate the software build, test, and deployment process with support for multiple programming languages and tools. JetBrains TeamCity suffers from an information disclosure vulnerability th...

CVE-2020-6288

SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface allows an attacker with edit document rights to upload any file including script files without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. The attacker c...

CVE-2025-24375

The CVE-2025-24375 entry concerns the Charmed MySQL K8s operator (and machine operator) with credential leakage risk. Root cause: the operator calls the mysql-shell/DDL scripts by writing a temporary script file containing full URIs with user credentials, created with read permissions (0644); unp...

PT-2024-34371 · Schrödinger · Pymol

Name of the Vulnerable Software and Affected Versions: PyMOL version 2.5.0 Description: The issue arises from the "Run Script" function in PyMOL, which allows the execution of arbitrary Python code embedded within .PYM files. This enables attackers to craft malicious .PYM files containing Python...

WordPress plugin CSS JS Files 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

GHSA-6CJ3-RC4P-F38F Cross-site Scripting vulnerabilities in Neos

It has been discovered that Neos is vulnerable to several XSS attacks. Through these vulnerabilities, an attacker could tamper with page rendering, redirect victims to a fake login page, or capture user credentials such as cookies. With the potential backdoor upload an attacker could gain access ...

Wedding Planner 代码问题漏洞

Wedding Planner is a wedding planner program by pushpam abhishek. Designed to provide users with an easy way to plan their wedding through a web application while using real data. A security vulnerability exists in Wedding Planner v1.0. An attacker exploited the vulnerability to achieve arbitrary...

Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign

The Iranian state-sponsored threat actor known as MuddyWater has been attributed to a new swarm of attacks targeting Turkey and the Arabian Peninsula with the goal of deploying remote access trojans RATs on compromised systems. "The MuddyWater supergroup is highly motivated and can use unauthoriz...