160 matches found
EUVD-2009-5004
Malware in sbrugna...
EUVD-2025-6857
Malicious code in bioql PyPI...
EUVD-2025-27483
Malicious code in bioql PyPI...
EUVD-2024-53126
Malicious code in bioql PyPI...
Embedded Malicious Code
Overview duckdb is a Node.js API for DuckDB, the "SQLite for Analytics". The API for this client is somewhat compliant to the SQLite Node.js client for easier transition and transition you must eventually. Affected versions of this package are vulnerable to Embedded Malicious Code. This package...
PT-2025-28393 · Sinec Nms · Sinec Nms
Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V4.0 Description: A vulnerability has been identified that makes the affected devices vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server...
Microsoft Windows BitLocker 安全漏洞
Microsoft Windows BitLocker is a BitLocker by Microsoft Corporation USA Ensure secure backup of recovery keys before activating protection. A security vulnerability exists in Microsoft Windows BitLocker. An attacker exploiting this vulnerability could bypass certain features. The following produc...
PT-2025-26731
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Description: The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an...
XWiki does not require right warnings for XClass definitions
Impact When an attacker without script or programming right creates an XClass definition in XWiki requires edit right, and that same document is later edited by a user with script, admin, or programming right, malicious code could be executed with the rights of the editing user without prior...
XWiki does not require right warnings for notification displayer objects
Impact When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing XSS attacks. While the notification...
CVE-2024-52800
veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. This doesn't affect the standard validation and policy checks functionality...
CVE-2024-28131
EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed...
CVE-2024-28237
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through th...
CVE-2024-51990
jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from...
CVE-2023-38505
DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitel...
Why we’re no longer doing April Fools’ Day
The internet is filled with falsehoods. We’re forever investigating new scams here at Malwarebytes, and so we get how hard it is to know what—or who—to trust online. There’s the scam that takes advantage of grieving people and tricks them into paying for a funeral live stream. There’s the fake...
MAL-2025-2714 Malicious code in truchuhhbuh (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e8810fe0d195e5777e68fcf99f39f501f98ab2b6d41bc2b49fbdb4c97751559e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2024-52005
Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the...
PT-2024-36832 · Tcpdf +1 · Tcpdf +1
Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.8.0 Description: An issue was discovered in the Error function, which lacks an htmlspecialchars call for the error message. This could potentially lead to issues with error message handling. Recommendations: For...
CVE-2024-52800 Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI
veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. This doesn't affect the standard validation and policy checks functionality...