3743 matches found
Malicious Package
Overview: @nelio-content/data is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...
Malicious Package
Overview: @nelio-content/utils is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious Package
Overview: datagrid-text-filter-web is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious Package
Overview: ticket-parser2-py3 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious Package
Overview: yandex-global-state-controller is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...
Malicious Package
Overview: sandbox-library is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...
Malicious Package
Overview: yandex-yt-driver-rpc-bindings is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...
Malicious Package
Overview: qb2 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was installed...
Malicious Package
Overview: eumetcast-gluing is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
Malicious Package
Overview: sandbox-common is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...
CVE-2022-40173
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...
PT-2023-15119 · Sonic · Sonic
Name of the Vulnerable Software and Affected Versions: Sonic version 1.0.4. Description: The issue allows attackers to execute a directory traversal in the component /admin/backups/work-dir. This enables attackers to access files or directories outside the intended directory structure...
PT-2023-18598 · Unknown · Izybat Orange Casiers
Name of the Vulnerable Software and Affected Versions: IzyBat Orange casiers versions before 20221102 1. Description: The issue allows SQL Injection via a "getCasier.php?taille=" URI. Recommendations: For versions before 20221102 1, update to version 20221102 1 or later to resolve the issue. As ...
PT-2023-15471 · Seltmann Gmbh · Seltmann Gmbh Content Management System
Name of the Vulnerable Software and Affected Versions: Seltmann GmbH Content Management System version 6. Description: The issue is related to SQL Injection via the "/index.php" API endpoint. This allows for potential exploitation. Recommendations: For Seltmann GmbH Content Management System versi...
GSD-2023-1000435 ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.18 by commit...
PT-2023-1035 · Adobe · Dimension
Name of the Vulnerable Software and Affected Versions: Adobe Dimension versions 3.4.6 and earlier. Description: The issue is related to a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR...
PT-2022-25896 · WordPress · Contest Gallery Pro +1
Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1; Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1. Description: The issue allows malicious users with at least author privilege to leak sensitive information from the...
How to Avoid Black Friday Scams Online
'Tis the season for swindlers and hackers. Use these tips to spot frauds and keep your payment info secure...
PT-2022-26172 · Sourcegraph · Sourcegraph
Name of the Vulnerable Software and Affected Versions: Sourcegraph versions prior to 4.1.0. Description: The issue is a command injection vulnerability in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host paramete...
CVE-2022-4084
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...