182 matches found
Malicious code in apple-appstore-full-library-utility (npm)
Source: amazon-inspector 7c81abc0b0ca85dceebddbddb78e6e2d6d05f87331f11b9a1190ad29d10adb4a The package apple-appstore-full-library-utility was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3187 Malicious code in apple-appstore-full-library-utility (npm)
Source: amazon-inspector 7c81abc0b0ca85dceebddbddb78e6e2d6d05f87331f11b9a1190ad29d10adb4a The package apple-appstore-full-library-utility was found to contain malicious code. Source: ghsa-malware...
Exploit for Code Injection in Ivanti Endpoint_Manager_Mobile
CVE-2026-1281 & CVE-2026-1340 - Ivanti EPMM Pre-Auth RCE !L...
CVE-2022-26313
A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts...
Remote Code Execution (RCE)
Signal K Server is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsanitized npm version specifiers in the appstore install API, where attacker-controlled URLs or git sources can be passed to npm, allowing execution of malicious postinstall scripts when an administrator...
Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package
The SignalK appstore interface allows administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugin or webapp, the version parameter accepts arbitrary npm version specifiers including URLs. npm...
Signal K Server Code Injection Vulnerability
Signal K Server is an open-source centralized server for ships from Signal K. A code injection vulnerability exists in Signal K Server versions prior to 2.19.0, which stems from the appstore interface passing version parameters directly to npm without sanitizing them, which could lead to arbitrary code...
EUVD-2020-4785
Malware in sbrugna...
Malicious code in apple-appstore-server-library (npm)
Source: ghsa-malware 4ffc44075c7a6123e6fd516c9e8c1abbd98b481d26ae67ee10e814bec86bbe7a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-25672
A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts...
Nextcloud: Blind SSRF Vulnerability in Appstore Release Upload Form
Vulnerability description not provided...
CVE-2024-45045
Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile Android/iOS device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access ...
CVE-2024-45045
CVE-2024-45045 affects mobile variants (Android/iOS) of Collabora Online, based on LibreOffice. The vulnerability enables injection of JavaScript through URL-encoded values in links within documents, exploiting the Android JavaScript interface which can access internal functions. Non-mobile varia...
CVE-2024-45045 JavaScript Injection via url encoded values in links in Collabora Office Android
Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile Android/iOS device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access ...
Relution Enterprise Appstore Publisher Jenkins Plugin contains Cross-Site Request Forgery
A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...
Missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin
A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...
GHSA-PV88-89RQ-9FG6 Missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin
A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...
Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials in plain text
Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.relutionpublisher.configuration.global.StoreConfiguration.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins...
GHSA-9FPQ-V2P3-W63J Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials in plain text
Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.relutionpublisher.configuration.global.StoreConfiguration.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins...
Siemens Mendix Forgot Password Appstore module improper access control vulnerability (CNVD-2022-17796)
The Forgot Password module allows users to register applications or reset their own passwords without administrator involvement. The Siemens Mendix Forgot Password Appstore module contains a security vulnerability that could be exploited by an attacker to hijack any user account using the registration fl...