16 matches found
CVE-2026-44245
CVE-2026-44245 affects Kyverno’s policy-reporter-ui where the PropertyCard.vue component uses Vue.js v-html to render non-URL strings, bypassing escaping and allowing stored HTML payloads from Kubernetes PolicyReport.results[].properties to flow into the DOM. The isURL() guard only filters http/h...
Malicious code in identification-card-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 08f07ce1c75c62d4d9c717c72e271cf8c7ff2c01ecfb240af7c2299c8c662f1b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5561 Malicious code in identification-card-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 08f07ce1c75c62d4d9c717c72e271cf8c7ff2c01ecfb240af7c2299c8c662f1b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1223 Malicious code in meeting-card-component (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 388fc50b22e2990c5b37bcc9737237040efb41310d241da7e2dbb65c85a3717d Any computer that has this package installed or running should be considered...
MAL-2025-1209 Malicious code in calendar-card-component (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 95a4969cc148bc29146d190547f35d8feedf6f215b80c642dc30147343561f09 Any computer that has this package installed or running should be considered...
MAL-2025-1220 Malicious code in insights-card-component (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82766b608d8923a399168c6fb9ea11a282a64d105b48fde50debc89d2ba1b82b Any computer that has this package installed or running should be considered...
Malicious code in new-items-card-component (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cffcddd91732bfca058bc61ed267aa0a24f1e71e7fcd830cf9060d8e63cd57fe Any computer that has this package installed or running should be considered...
Malicious code in meeting-card-component (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 388fc50b22e2990c5b37bcc9737237040efb41310d241da7e2dbb65c85a3717d Any computer that has this package installed or running should be considered...
Malicious code in calendar-card-component (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 95a4969cc148bc29146d190547f35d8feedf6f215b80c642dc30147343561f09 Any computer that has this package installed or running should be considered...
MAL-2025-1225 Malicious code in new-items-card-component (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cffcddd91732bfca058bc61ed267aa0a24f1e71e7fcd830cf9060d8e63cd57fe Any computer that has this package installed or running should be considered...
Malicious Package
Overview calendar-card-component is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious Package
Overview new-items-card-component is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious Package
Overview insights-card-component is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Huawei HarmonyOS HAL Card Component Unauthorized Access Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. The Huawei HarmonyOS HAL card component is vulnerable to unauthorized access, which could be exploited by attackers to compromise confidentiality...
Unspecified Vulnerability in Oracle Customer Management and Segmentation Foundation
Oracle Customer Management and Segmentation Foundation is a retail customer management product. An unspecified vulnerability exists in the Card component of Oracle Customer Management and Segmentation Foundation. An attacker could exploit this vulnerability to compromise confidentiality and...
Design/Logic Flaw
Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications component: Card. Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...