50 matches found
Malicious code in synthetics-sdk-node (npm)
Source: amazon-inspector f901ab2d37659ee8585c20804e368b185c14c0e5fc49e51a3148fb439b728bad The package synthetics-sdk-node was found to contain malicious code...
MAL-2026-2802 Malicious code in synthetics-sdk-node (npm)
Source: amazon-inspector f901ab2d37659ee8585c20804e368b185c14c0e5fc49e51a3148fb439b728bad The package synthetics-sdk-node was found to contain malicious code...
Synthetics Recorder 1.4.15 Security Update (ESA-2026-16) - CVE-2025-6554 and CVE-2025-7657
Dependency on Vulnerable Third-Party Component in Synthetics Recorder Leading to Remote Code Execution. Dependency on Vulnerable Third-Party Component (CWE-1395) exists in the bundled Chromium browser in Elastic Synthetics Recorder that could allow an attacker to achieve remote code execution on a...
CVE-2023-31415
Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of t...
EUVD-2025-13051
Malicious code in bioql PyPI...
EUVD-2023-35726
Malicious code in bioql PyPI...
Malicious code in synthetics-sdk-broken-links (npm)
MAL-2025-47730 Malicious code in synthetics-sdk-broken-links (npm)
MAL-2025-21613 Malicious code in gmx-synthetics (npm)
The package gmx-synthetics was found to contain malicious code...
Malicious code in gmx-synthetics (npm)
The package gmx-synthetics was found to contain malicious code...
The vulnerability of the monitoring tool for Synthetics in the Kibana data visualization service allows a violator to increase their privileges.
The vulnerability of the monitoring tool for Synthetics in the Kibana data visualization service is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to increase their privileges by sending a specially crafted HTTP request...
BIT-KIBANA-2024-11390 Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices...
BIT-ELK-2024-11390 Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices...
CVE-2024-11390
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices...
CVE-2024-11390 Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices...
CVE-2024-11390 Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices...
CVE-2024-11390
Kibana is affected by CVE-2024-11390: an Unrestricted Upload of a File with a Dangerous Type can lead to arbitrary JavaScript execution (XSS) in a victim’s browser via crafted HTML/JavaScript files. This requires access to the Synthetics app or write access to synthetics indices. Affected version...
Kibana 7.17.24 and 8.12.0 Security Update (ESA-2024-20)
Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS (ESA-2024-20). Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetic...
Malicious code in synthetics-recorder (npm)
Source: ossf-package-analysis e132b465279df9b9432ece358404299922e0051907132baf848320447a551489 The OpenSSF Package Analysis project identified 'synthetics-recorder' @ 9.9.99 npm as malicious. It is considered malicious because: - The packa...
Arbitrary Code Execution
Kibana is vulnerable to Arbitrary Code Execution. A remote authenticated attacker with the ability to modify the Kibana yaml or env configuration is able to execute malicious code on the host system via a malicious configuration payload through the Uptime/Synthetics feature...