42 matches found
Cedar Gate EZ-NET <= 6.8.0 - Cross-Site Scripting
The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. id: CVE-2022-23397 info: name: Cedar Gate EZ-NET <= 6.8.0 - Cross-Si...
CVE-2026-25727 vulnerabilities
Vulnerabilities for packages: sccache, quiche, wash, rye, starship, berg, xh, uutils, zizmor, cargo-c, pixi, parseable, wasm-pack, mountpoint-s3, rust-analyzer, cedar, py3-xet-core, buck2, samply, kdash, uv, qdrant, wasmcloud, zed, yazi, geckodriver, deno, oranda, cargo-audit, eza, ztunnel, yara-...
GHSA-R6V5-FH4H-64XC vulnerabilities
Vulnerabilities for packages: sccache, quiche, wash, rye, starship, berg, xh, uutils, zizmor, cargo-c, pixi, parseable, wasm-pack, mountpoint-s3, rust-analyzer, cedar, py3-xet-core, buck2, samply, kdash, uv, qdrant, wasmcloud, zed, yazi, geckodriver, deno, oranda, cargo-audit, eza, ztunnel, yara-...
CVE-2026-25727 vulnerabilities
Vulnerabilities for packages: atuin, shadowsocks-rust, topgrade, lychee, yara-x, cedar, eza, samply, wadm, zed, mountpoint-s3, qdrant, watchexec, wasm-pack, quiche, uutils, wasmcloud, yazi, guestproxyagent, buck2, geckodriver, zola, linkerd2-proxy, sccache, bat, sqlx, zizmor, virtiofsd, uv,...
GHSA-R6V5-FH4H-64XC vulnerabilities
Vulnerabilities for packages: atuin, shadowsocks-rust, topgrade, lychee, yara-x, cedar, eza, samply, wadm, zed, mountpoint-s3, qdrant, watchexec, wasm-pack, quiche, uutils, wasmcloud, yazi, guestproxyagent, buck2, geckodriver, zola, linkerd2-proxy, sccache, bat, sqlx, zizmor, virtiofsd, uv,...
CVE-2022-23397
The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. NOTE: the vendor disputes this because the ado.im reference has "no...
@cedarjs/api-server (>=0.0.4 <=9.0.0-canary.1784), @cedarjs/cli (>=0.0.4 <=9.0.0-canary.1784) +49 more potentially affected by unknown CVE via @escape.tech/graphql-armor-max-depth (>=2.0.0 <=2.4.1)
@escape.tech/graphql-armor-max-depth NPM version =2.0.0, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.9.1-next.19, =0.0.4, =0.0.4, =0.0.2, =2.0.0, =2.0.6, =2.2.2, =2.19.6 and more Source cves: unknown CVE Source advisory: SNYK:JS-ESCAPETECHGRAPHQLARMORMAXDEPTH-12219686...
Malicious code in @malware-test-cedar-clipt-geals-goaty/test-mlw3-cedar-clipt-geals-goaty (npm)
The package @malware-test-cedar-clipt-geals-goaty/test-mlw3-cedar-clipt-geals-goaty was found to contain malicious code...
VulnCheck KEV: CVE-2022-23397
The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. NOTE: the vendor disputes this because the ado.im reference has "no...
Intent-Aware Authorization for Zero Trust CI/CD
This paper introduces intent-aware authorization for Zero Trust CI/CD systems. Identity establishes who is making the request, but additional signals are required to decide whether access should be granted. We describe a control loop architecture where policy engines such as OPA and Cedar evaluat...
GHSA-WWQ9-3CPR-MM53 vulnerabilities
Vulnerabilities for packages: wash, cedar, linkerd2-proxy, buck2, shadowsocks-rust, cargo-audit, berg, starship, xh, wadm, qdrant, wasmcloud, nushell, tealdeer, wit-bindgen, pixi...
Malicious code in cedar-snippet (npm)
This package is considered malicious because it communicates with a domain associated with malicious activity and the package executes one or more commands associated with malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware...
MAL-2024-1394 Malicious code in cedar-snippet (npm)
This package is considered malicious because it communicates with a domain associated with malicious activity and the package executes one or more commands associated with malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware...
schwan-cedar.com Improper Access Control vulnerability OBB-3809811
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
USN-6283-1: Linux kernel vulnerabilities
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) Zheng Zhang discovered that the...
Null pointer dereference
Incorrect pointer checks within the FwBlockServiceSmm driver can allow arbitrary RAM modifications. During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.00...
DeftTorero: tactics, techniques and procedures of intrusions revealed
Earlier this year, we started hunting for possible new DeftTorero (aka Lebanese Cedar, Volatile Cedar) artifacts. This threat actor is believed to originate from the Middle East and was publicly disclosed to the cybersecurity community as early as 2015. Notably, no other intelligence was shared unt...
Cedar Gate EZ-NET Cross-Site Scripting Vulnerability
Cedar Gate EZ-NET is an Internet portal application from Cedar UK. A cross-site scripting vulnerability exists in Cedar Gate EZ-NET 6.5.5, 6.6.3, 6.7.0, and 6.8.0 that stems from Cedar Gate EZ-NET 6.5.5 and 6.8.0 having a call to display messages to the user that does not correctly clean u...