8 matches found
EUVD-2024-26868
Malicious code in bioql PyPI...
Malicious code in @sber-business-id-kekw/srp (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
Malicious code in @sber-business-id/srp-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 74ef435b568b37df784ed252399339d031e51238e46c8a9374c85bec79773faa The OpenSSF Package Analysis project identified '@sber-business-id/srp-client' @ 2.0.0 npm as malicious. It is considered malicious because: - T...
CVE-2023-2298
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'businessid' parameter in versions up to, and including, 4.3.0 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2024-23094 · Unknown · Sentrifugo
Name of the Vulnerable Software and Affected Versions: Sentrifugo version 3.2 Description: The issue is related to a SQL injection vulnerability. It could allow a remote user to send a specially crafted query to the server and extract all the data from it. The vulnerability is exploited through t...
Sentrifugo SQL注入漏洞
Sentrifugo is a human resource management system. The system includes functions for human resources management, performance appraisal, recruitment management and asset management. A SQL injection vulnerability exists in Sentrifugo version 3.2, which originates from the lack of validation of...
CVE-2023-2298
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'businessid' parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2023-2298
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'businessid' parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output escaping. This makes it possible for...