3745 matches found
Malicious Package
Overview tree-node-web is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview @nelio-content/utils is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious Package
Overview @nelio-content/data is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...
Malicious Package
Overview bootstrap-v5 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview datagrid-text-filter-web is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious Package
Overview ticket-parser2-py3 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious Package
Overview yandex-global-state-controller is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...
Malicious Package
Overview sandbox-library is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...
Malicious Package
Overview yandex-yt-driver-rpc-bindings is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...
Malicious Package
Overview qb2 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was installed...
Malicious Package
Overview eumetcast-gluing is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
Malicious Package
Overview sandbox-common is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...
CVE-2022-40173
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...
PT-2023-15119 · Sonic · Sonic
Name of the Vulnerable Software and Affected Versions: Sonic version 1.0.4 Description: The issue allows attackers to execute a directory traversal in the component /admin/backups/work-dir. This enables attackers to access files or directories outside the intended directory structure...
PT-2023-18598 · Unknown · Izybat Orange Casiers
Name of the Vulnerable Software and Affected Versions: IzyBat Orange casiers versions before 20221102 1 Description: The issue allows SQL Injection via a "getCasier.php?taille=" URI. Recommendations: For versions before 20221102 1, update to a version 20221102 1 or later to resolve the issue. As ...
PT-2023-15471 · Seltmann Gmbh · Seltmann Gmbh Content Management System
Name of the Vulnerable Software and Affected Versions: Seltmann GmbH Content Management System version 6 Description: The issue is related to SQL Injection via the "/index.php" API endpoint. This allows for potential exploitation. Recommendations: For Seltmann GmbH Content Management System versi...
GSD-2023-1000435 ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
ARM: 9256/1: NWFPE: avoid compiler-generated aeabiuldivmod This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.18 by commit...
PT-2023-1035 · Adobe · Dimension
Name of the Vulnerable Software and Affected Versions: Adobe Dimension versions 3.4.6 and earlier Description: The issue is related to a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR...
PT-2022-25896 · WordPress · Contest Gallery Pro +1
Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1 Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1 Description: The issue allows malicious users with at least author privilege to leak sensitive information from the...
How to Avoid Black Friday Scams Online
'Tis the season for swindlers and hackers. Use these tips to spot frauds and keep your payment info secure...