29 matches found

Positive Technologies
added 2026/01/16 12:0 a.m. | 1 views

PT-2026-3224

The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions = 1.7.1. This is due to missing or incorrect nonce validation on the display settings page function. This makes it possible for unauthenticated attackers to modify plugin settings vi...

4.3 CVSS | 5.6 AI score | 0.00131 EPSS
Exploits 0 | References 5
OSV
added 2024/09/04 7:46 a.m. | 6 views

MAL-2024-8758 Malicious code in dogecoin-address-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59974cca416c68c21415c245925a5bbe5e4d1b8896bf3b41958d974bf12edb76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 | References 1
OSSF Malicious Packages
added 2024/09/04 7:46 a.m. | 3 views

Malicious code in bitcoin-address-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3bb543ed42a9c4e7386578dde42e2f9f8c6274c88b87358bff00e48a6fa2ea87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 1
OSSF Malicious Packages
added 2024/09/04 7:46 a.m. | 4 views

Malicious code in dogecoin-address-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59974cca416c68c21415c245925a5bbe5e4d1b8896bf3b41958d974bf12edb76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 1
OSSF Malicious Packages
added 2024/09/04 7:46 a.m. | 4 views

Malicious code in litecoin-address-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d2f4c4e8a02044ac141a2794e470da413b18acaaa68ae8f39b8276e2b74a95b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 1
OSV
added 2024/09/04 7:46 a.m. | 9 views

MAL-2024-8782 Malicious code in litecoin-address-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d2f4c4e8a02044ac141a2794e470da413b18acaaa68ae8f39b8276e2b74a95b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 | References 1
OSV
added 2024/09/04 7:46 a.m. | 5 views

MAL-2024-8744 Malicious code in bitcoin-address-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3bb543ed42a9c4e7386578dde42e2f9f8c6274c88b87358bff00e48a6fa2ea87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 | References 1
OSSF Malicious Packages
added 2024/06/25 1:47 p.m. | 4 views

Malicious code in address-validator (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0 | References 1
OSV
added 2024/06/25 1:47 p.m. | 5 views

MAL-2024-6511 Malicious code in address-validator (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits 0 | References 1
OSSF Malicious Packages
added 2024/06/25 1:46 p.m. | 5 views

Malicious code in activemodel-email-address_validator (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0 | References 1
OSV
added 2024/06/25 1:46 p.m. | 5 views

MAL-2024-6462 Malicious code in activemodel-email-address_validator (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits 0 | References 1
OSV
added 2023/07/03 3:30 p.m. | 1 views

GHSA-JH3W-4VVF-MJGR Django has regular expression denial of service vulnerability in EmailValidator/URLValidator

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs...

8.7 CVSS | 7.1 AI score | 0.02669 EPSS
Exploits 0 | References 19
OSV
added 2022/05/17 12:48 a.m. | 2 views

GHSA-Q5QW-4364-5HHM Django Vulnerable to HTTP Response Splitting Attack

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a ...

8.7 CVSS | 7.2 AI score | 0.03679 EPSS
Exploits 0 | References 18
BDU FSTEC
added 2021/10/27 12:0 a.m. | 1 views

The vulnerability of the URLValidator, validate_ipv4_address, and validate_ipv46_address functions of the Django web application software lies in insufficient validation of incoming requests, allowing attackers to compromise data integrity.

The vulnerability of the URLValidator, validate_ipv4_address, and validate_ipv46_address functions in the Django software framework relates to the absence of prohibition for leading zero characters in octal literals. Exploiting this vulnerability could allow a malicious actor to compromise data...

7.5 CVSS | 7.2 AI score | 0.03058 EPSS
Exploits 0 | References 11 | Affected Software 4
OSV
added 2021/06/22 3:18 p.m. | 22 views

GHSA-77MR-WC79-M8J3 PHPMailer untrusted code may be run from an overridden address validator

If a function is defined that has the same name as the default built-in email address validation scheme php, it will be called in default configuration as when no validation scheme is provided, the default scheme's callable php was being called. If an attacker is able to inject such a function in...

8.1 CVSS | 7.8 AI score | 0.0226 EPSS
Exploits 0 | References 10
Friends Of PHP
added 2021/06/16 4:20 p.m. | 32 views

Untrusted code may be run from an overridden address validator

This is a security release. SECURITY Fixes CVE-2021-34551, a complex RCE affecting Windows hosts. See SECURITY.md for details. The fix for this issue changes the way that language files are loaded. While they remain in the same PHP-like format, they are processed as plain text, and any code in th...

8.1 CVSS | 8 AI score | 0.02803 EPSS
Exploits 1 | Affected Software 1
OSV
added 2021/05/06 4:15 p.m. | 1 views

PYSEC-2021-8

In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 with Python 3.9.5+, URLValidator does not prohibit newlines and tabs unless the URLField form field is used. If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffecte...

6.1 CVSS | 6.8 AI score | 0.03172 EPSS
Exploits 0 | References 6
vulnersOsv
added 2021/03/19 8:14 p.m. | 1 views

@arpinum/backend (>=0.0.3 <=0.0.65), @austbot/wallet-sdk (=1.0.0-beta.21) +135 more potentially affected by CVE-2021-21267 via schema-inspector (>=1.4.2 <=1.7.0)

schema-inspector NPM version =1.4.2, =0.0.3, =0.1.0, =0.1.5, =0.1.1, =0.0.3, =0.0.1, =1.0.0, =3.2.7, =3.3.4, =0.0.3, =2.0.0, =0.0.1, =4.1.2 and more Source cves: CVE-2021-21267 Source advisory: OSV:GHSA-F38P-C2GQ-4PMR...

7.5 CVSS | 7.1 AI score | 0.0209 EPSS
Exploits 1
Github Security Blog
added 2020/09/03 5:2 p.m. | 25 views

Malicious Package in wallet-address-validtaor

All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated...

3.4 AI score
Exploits 0 | References 2 | Affected Software 1
Github Security Blog
added 2020/09/03 5:2 p.m. | 15 views

Malicious Package in wallet-address-vaildator

All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated...

3.4 AI score
Exploits 0 | References 2 | Affected Software 1