3743 matches found

Snyk
added 2023/06/06 8:20 a.m. · 1 views

Malicious Package

Overview useravatarcircleicon is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3
Snyk
added 2023/06/06 8:20 a.m. · 1 views

Malicious Package

Overview bc-baseline is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3
Snyk
added 2023/06/06 8:20 a.m. · 1 views

Malicious Package

Overview libponenunber-js is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3
Snyk
added 2023/06/06 8:20 a.m. · 2 views

Malicious Package

Overview react-influxdb is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3
Snyk
added 2023/06/06 8:20 a.m. · 1 views

Malicious Package

Overview bootstrap-sass-official is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3
Snyk
added 2023/06/06 8:20 a.m. · 2 views

Malicious Package

Overview oci-console-regions is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3
Snyk
added 2023/06/06 8:20 a.m. · 1 views

Malicious Package

Overview eg-shared is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3
Snyk
added 2023/06/06 8:20 a.m. · 1 views

Malicious Package

Overview @capdesk/camo is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3
Snyk
added 2023/05/30 8:19 a.m. · 1 views

Malicious Package

Overview citi-gcg-173875 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3
Snyk
added 2023/05/29 8:18 a.m. · 1 views

Malicious Package

Overview pitito is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3
Snyk
added 2023/05/29 8:18 a.m. · 1 views

Malicious Package

Overview superagtn is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3
Positive Technologies
added 2023/05/24 12:0 a.m. · 2 views

PT-2023-21861 · Unknown · Simple Design Daily Journal +1

Name of the Vulnerable Software and Affected Versions: Simple Design Daily Journal version 1.012.GP.B Description: A vulnerability has been found in the SQLite Database component, leading to cleartext storage in a file or on disk. The manipulation can be launched on the local host. The exploit ha...

5.5 CVSS · 6.9 AI score · 0.00093 EPSS
Exploits 1 · References 6
Positive Technologies
added 2023/05/24 12:0 a.m. · 2 views

PT-2023-24191 · Unknown +1 · Flask-Caching +1

Name of the Vulnerable Software and Affected Versions: ToUI versions 2.0.1 through 2.4.0 Description: The issue affects websites that use the Website.user vars property. ToUI utilizes Flask-Caching SimpleCache to store user variables, which are stored on the server side. Recommendations: For...

9.1 CVSS · 7.5 AI score · 0.00697 EPSS
Exploits 0 · References 6
Positive Technologies
added 2023/05/23 12:0 a.m. · 1 views

PT-2023-17043 · Unknown · Mobilmen Terminal

Name of the Vulnerable Software and Affected Versions: Mobilmen Terminal Software versions prior to 3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

9.8 CVSS · 9.7 AI score · 0.0025 EPSS
Exploits 0 · References 3
Snyk
added 2023/05/16 8:19 a.m. · 1 views

Malicious Package

Overview grouped-content is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3
Snyk
added 2023/05/16 8:19 a.m. · 2 views

Malicious Package

Overview lexicaltext is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3
Positive Technologies
added 2023/05/14 12:0 a.m. · 3 views

PT-2023-3380 · Sourcecodester · Sourcecodester Lost/Found Information System

Name of the Vulnerable Software and Affected Versions: SourceCodester Lost and Found Information System version 1.0 Description: A critical issue has been found in the component "admin/?page=items/view item" of the SourceCodester Lost and Found Information System, related to the lack of protectio...

9.8 CVSS · 7.2 AI score · 0.00316 EPSS
Exploits 1 · References 7
Positive Technologies
added 2023/05/05 12:0 a.m. · 2 views

PT-2023-22999 · Mutagen +1 · Mutagen +1

Name of the Vulnerable Software and Affected Versions: Mutagen versions prior to 0.16.6 Mutagen versions prior to 0.17.1 mutagen-compose versions prior to 0.17.1 Description: The issue affects Mutagen's list and monitor commands, making them susceptible to control characters provided by remote...

8.8 CVSS · 9 AI score · 0.00689 EPSS
Exploits 0 · References 10
Positive Technologies
added 2023/04/30 12:0 a.m. · 2 views

PT-2023-19508 · Phpmyfaq · Phpmyfaq

Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.1.13 Description: The issue is related to a stored Cross-site Scripting (XSS) vulnerability. This vulnerability allows an attacker to steal user cookies by exploiting the name field in the add question module...

6.1 CVSS · 6.4 AI score · 0.00168 EPSS
Exploits 0 · References 12
OSV
added 2023/04/28 8:49 p.m. · 10 views

CVE-2023-30858 Denosaurs emoji has ReDoS vulnerability in `replace` function

The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the...

5.3 CVSS · 7.5 AI score · 0.00642 EPSS
Exploits 1 · References 5