5315 matches found
MAL-2023-7303 Malicious code in tposintadget (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 09d7c9df1859042d6bf492ed412327a819ba78649e3175f7c9f05953d096b30c EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-7714 Malicious code in tpvirtualramget (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx e1d5d9368eb71fed1c146965eb23d9fc0f5eeda9d35ab57a5342f84481e6c5a7 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-7112 Malicious code in tphttpgetvisa (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8650b4c7448722b292dd7a51f0f9b4295b61260486ce4c61c58adcf391416b70 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-5228 Malicious code in py-intelgame (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx eb511632e871dda789a0ef10c17c89b0ec71241a8287ae4344459a74a654ef87 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
CVE-2023-26462
ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials usable for privilege escalation are stored in an insecure format. To read this stored data, the attacker needs access to the application server or its source code...
Design/Logic Flaw
ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials usable for privilege escalation are stored in an insecure format. To read this stored data, the attacker needs access to the application server or its source code...
MAL-2023-8033 Malicious code in pagseguro-utils-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx f7a3386fd85bb30de547429241a02add188cf0bcb06352f465f9a5f403408db6 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2023-8002 Malicious code in @pagseguro/ps-requests-ws (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 454a292eff1e0d6b8df49d31d21284597d92f0a7d4690619b9c85437e8d0c597 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
Malicious code in pagseguro-utils-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx f7a3386fd85bb30de547429241a02add188cf0bcb06352f465f9a5f403408db6 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2023-7994 Malicious code in @pagseguro/axios-instance (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx a465c79cb8dc5ed82a72b242444916efda5a4f4db9bdd4a28c24b6a7994d350b Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2023-7997 Malicious code in @pagseguro/ps-bootstrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 492467e28bf1b4fe156c5a01fadd9b075b419bc9dc92fb95a8048b523d16cbf0 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2023-7996 Malicious code in @pagseguro/nest (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx b16a70a89161283b99538bb25fdbaecc235a75a73c7a471c98ad831fc08a7cdf Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2023-8006 Malicious code in @pagseguro/stylelint-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx a77a0e8f023eb828ca6897ba36220e030972b11f244c8f48c031c928e5342367 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
PT-2023-20655 · Unknown · Thingsboard
Name of the Vulnerable Software and Affected Versions: ThingsBoard version 3.4.1 Description: The issue allows a remote attacker to gain elevated privileges due to hard-coded service credentials being stored in an insecure format. To exploit this, an attacker would need access to the application...
MAL-2023-8000 Malicious code in @pagseguro/ps-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 215b7859b73d06b74ebd0b73fe0a349c7de24b2e7e87046a0f92488d2d1f32fe Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2023-7999 Malicious code in @pagseguro/ps-crypt-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 40a6f6bf343548e89c4d7feaa6420d2c19f90bf043babf42602824d186d4a691 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2023-8003 Malicious code in @pagseguro/ps-security-services (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx dc36ef7ae93e63465de236217ebce560fe96cb785ae06b4a53b7d5733be61fbf Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2023-47 Malicious code in @pagseguro/pagseguro-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8e3f853a167ac4fc6f37a0c3b1b12bdba5e57f568800476f319399643b6b0fa9 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
MAL-2023-7998 Malicious code in @pagseguro/ps-cart-recovery (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx d346211619464a6ebd3e0d7ec8ea2f1eea16c76edd0f48bab81b5640c0ee16b5 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
CVE-2023-26462
ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials usable for privilege escalation are stored in an insecure format. To read this stored data, the attacker needs access to the application server or its source code...