333 matches found
The vulnerability of the web components of Ivanti Connect Secure and Ivanti Policy Secure control tools allows a intruder to gain unauthorized access to protected information.
The vulnerability of the Ivanti Connect Secure and Ivanti Policy Secure web components related to authentication procedures’ flaws. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information by sending specially crafted requests...
CVE-2024-21887
A command injection vulnerability in web components of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance...
CVE-2024-21887
A command injection vulnerability in web components of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance...
Command injection
A command injection vulnerability in web components of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance...
CVE-2024-21887
A command injection vulnerability in web components of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance...
VulnCheck KEV: CVE-2024-21887
Ivanti Connect Secure ICS, formerly known as Pulse Connect Secure and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This...
Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
Ivanti Connect Secure ICS, formerly known as Pulse Connect Secure and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This...
Malicious code in zoo-web-components-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f5a033ba4e84e9b29f5eb20d41c448241b24f20fb48b6ad382babb24543441f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8508 Malicious code in zoo-web-components-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f5a033ba4e84e9b29f5eb20d41c448241b24f20fb48b6ad382babb24543441f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Updates for Skype for Business Server 2019 (KB4470124)
Updates for Skype for Business Server 2019 KB4470124 This article specifies the applicability of Microsoft Skype for Business Server 2019 updates for each server role. Note: Skype for Business Server 2019, August 2025 update includes critical security updates for the Skype meetings application...
Malicious Package
Overview cvent-web-components is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious code in cvent-web-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1fb3c6feabc769a5b68e6c52a29ed619c645b3dbb7c78c9b6313affab4d47f44 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2291 Malicious code in cvent-web-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1fb3c6feabc769a5b68e6c52a29ed619c645b3dbb7c78c9b6313affab4d47f44 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2755 Malicious code in enviso-web-components-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7d75a7c878177290aa6c8c20615f8d9c791e5461f2f344511808c3ccc48e63da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in gopro-web-javascript-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fbd5c887f1ae7f927a94580db5eb195ca0a078262261f58af907566bcda2568e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-37197
A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS is vulnerable to SQL injections...
Cross site request forgery (csrf)
A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS uses a flawed implementation of...
CVE-2021-37198
A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS uses a flawed implementation of...
CVE-2021-37196
Siemens COMOS Web component contains a path traversal vulnerability (CVE-2021-37196) affecting COMOS Web in V10.2 (all versions when web components are used), V10.3 (before 10.3.3.3; and all versions ≥ 10.3.3.3 if web components are used), and V10.4 (before 10.4.1 if web components are used). The...
CVE-2021-41086
jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting XSS attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying anything from a malicious and pasting...