11 matches found

OSV
added 2026/05/25 12:32 a.m., 4 views

MAL-2026-4473 Malicious code in @zizie071/libsignal-node (npm)

Source: amazon-inspector 3e6d5096096e7e958916c5449a7480949135e6af5cd9acd4e1b1edab8c331163 On require, index.js schedules install.js which locates the installer's @whiskeysockets/baileys package on disk and overwrites lib/Socket/newsletter....

5.9 AI score
Exploits: 0, References: 2
RedhatCVE
added 2026/04/09 7:23 p.m., 0 views

CVE-2026-35578

ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked the 'Cancel' button on the page. For...

5.9 AI score, 0.00043 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/02/19 12:0 a.m., 1 views

PT-2026-20872

Versions of @sveltejs/adapter-vercel prior to 6.3.2 are vulnerable to cache poisoning. An internal query parameter intended for Incremental Static Regeneration (ISR) is accessible on all routes, allowing an attacker to cause sensitive user-specific responses to be cached and served to other users...

5.3 CVSS, 5.5 AI score
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-16235

Malicious code in bioql PyPI...

9.6 CVSS, 9.4 AI score, 0.00142 EPSS
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-42133

Malicious code in bioql PyPI...

5.1 CVSS, 5 AI score, 0.00093 EPSS
Exploits: 0, References: 1
OSV
added 2023/01/26 9:18 p.m., 0 views

CVE-2023-24453

A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

6.5 CVSS, 6.6 AI score
Exploits: 0, References: 1
ATTACKERKB
added 2022/06/23 5:15 p.m., 1 views

CVE-2022-34201

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

6.5 CVSS, 6.5 AI score, 0.00217 EPSS
Exploits: 0, References: 2
OSV
added 2021/04/02 7:15 p.m., 0 views

CVE-2021-29660

A Cross-Site Request Forgery (CSRF) vulnerability in en/cfgsetpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker...

8.8 CVSS, 7.3 AI score, 0.00145 EPSS
Exploits: 1, References: 1
OSV
added 2020/06/15 7:15 p.m., 1 views

CVE-2020-13651

An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. It allows a user to provide data that will be used to generate the JNLP file used by a client to obtain the right Java application. By providing an attacker-controlled URL, the client...

7.8 CVSS, 7.1 AI score
Exploits: 0, References: 1
OSV
added 2017/01/13 9:59 a.m., 1 views

CVE-2017-3890

A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an...

6.1 CVSS, 5.8 AI score, 0.00292 EPSS
Exploits: 0, References: 2
exploitpack
added 2003/01/14 12:0 a.m., 12 views

Geeklog 1.3.7 - users.php?uid Cross-Site Scripting

Source: https://www.securityfocus.com/bid/6602/info Geeklog is prone to a cross-site scripting vulnerability in the 'users.php' script. This issue is due to insufficient sanitization of input submitted in URI parameters. As a result, an attacker...

6.8 AI score
Exploits: 0