Lucene search

2563 matches found

OSV
added 2022/06/20 8:14 p.m., 5 views

MAL-2022-3193 Malicious code in free-robux-codes-ps4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c374a1fd80964999fbfc9540c94b65b6af2c5ad7706320fbcf5e15afb8d972b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1

OSV
added 2022/06/20 8:14 p.m., 8 views

MAL-2022-3186 Malicious code in free-roblox-robux-codes-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85b4eb2412fd3ecd6a02ea953676f5672d1607ef55be3715fc83b5d56e3e376d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1

OSSF Malicious Packages
added 2022/06/20 8:14 p.m., 2 views

Malicious code in free-primogems-codes-2022 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6e50ef875e7c27e42aa6b512120622fcbe1fcbfcd0edd6a9408e6819d3258ae2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 1

OSV
added 2022/06/20 8:14 p.m., 10 views

MAL-2022-3183 Malicious code in free-primogems-codes-2022 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6e50ef875e7c27e42aa6b512120622fcbe1fcbfcd0edd6a9408e6819d3258ae2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1

OSSF Malicious Packages
added 2022/06/20 8:14 p.m., 3 views

Malicious code in free-pokemon-go-promo-codes-2022 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb06d31da6a5c37479f3f071ec551473de8fd747ae9455c8ebb1908ac391abab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 1

OSSF Malicious Packages
added 2022/06/20 8:14 p.m., 2 views

Malicious code in free-fortnite-skins-codes-xbox-pc-switch-2022 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9171c371ea315be60767037e9f542935a51009494d9d0fd8d65fb5a6c55bf888 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 1

OSV
added 2022/06/20 8:14 p.m., 9 views

MAL-2022-3172 Malicious code in free-fortnite-wildcat-skin-codes-2022 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6d0de62fd6004538e6baff898b13439f919fa85f3f53373ec656039edd235007 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1

OSV
added 2022/06/20 8:11 p.m., 9 views

MAL-2022-2138 Malicious code in communication-short-codes (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 856e3845d5cd393d2ac58122b132840adb13f471a8488c0d1ce8d097263d40e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1

OSV
added 2022/06/16 11:39 p.m., 8 views

GHSA-P2G9-94WH-65C2 Space bug in `clean_text`

An incorrect mapping from HTML specification to ASCII codes was used. Because HTML treats the Form Feed as whitespace, code like this has an injection bug: let html = format!"", cleantextusersuppliedstring; Applications are not affected if they quote their attributes, or if they don't use cleante...

AI score 7.4
Exploits 0, References 4

Veracode
added 2022/06/09 4:56 a.m., 20 views

Command Injection

cookiecutter is vulnerable to command injection. The vulnerability exists in the clone function in vcs.py due to a lack of sanitization of the checkout parameter, which allows an attacker to inject and execute arbitrary code...

CVSS 9.8, AI score 9.4, EPSS 0.0422
Exploits 1, References 7, Affected Software 1

Vulnerability Lab
added 2022/06/06 12:0 a.m., 420 views

BootCommerce v3.2.1 - Multiple Persistent Vulnerabilities

Document Title: =============== BootCommerce v3.2.1 - Multiple Persistent Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2279 Release Date: ============= 2022-06-06 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 7.4
Exploits 0

HackRead
added 2022/05/26 11:8 p.m., 8 views

ChromeLoader Browser Malware Spreading Via Pirated Games and QR Codes

By Waqas A new malvertising campaign has emerged in which ChromeLoader malware is being used to hijack browsers and steal… This is a post from HackRead.com Read the original post: ChromeLoader Browser Malware Spreading Via Pirated Games and QR Codes...

AI score 4.4
Exploits 0

RedHat Linux
added 2022/05/26 4:25 p.m., 1 view

nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes

A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...

CVSS 7.8, AI score 7.1, EPSS 0.03304
Exploits 1, References 5

vulnersOsv
added 2022/05/24 7:3 p.m., 1 view

africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-application (>=1.1.0 <=1.2.0) +16017 more potentially affected by CVE-2021-22118 via org.springframework:spring-web (>=5.3.0 <=5.3.6)

org.springframework:spring-web MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.2, =4.6.0.0 - ai.apiverse:apipulse =1.0.1 and more Source cves: CVE-2021-22118 Source advisory: OSV:GHSA-GFWJ-FWQJ-FP3V...

CVSS 7.8, AI score 6.7, EPSS 0.00396
Exploits 0

Github Security Blog
added 2022/05/24 5:21 p.m., 3 views

Mattermost Server is vulnerable to XSS through customizable theme color-code values

An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values...

CVSS 5.4, AI score 6.3, EPSS 0.00556
Exploits 0, References 4, Affected Software 1

OSV
added 2022/05/24 5:21 p.m., 2 views

GHSA-H8QW-XQM9-Q66J Mattermost Server is vulnerable to XSS through customizable theme color-code values

An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values...

CVSS 5.4, AI score 6.3, EPSS 0.00556
Exploits 0, References 4

vulnersOsv
added 2022/05/20 12:0 a.m., 3 views

africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-codes-api (>=1.0.0 <=1.2.0) +1533 more potentially affected by CVE-2022-22978 via org.springframework.security:spring-security-core (>=5.5.0 <=5.5.6)

org.springframework.security:spring-security-core MAVEN version =5.5.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.13.0, =1.13.0, =2.2.0 - be.jidoka:jdk-keycloak-admin =1.2.0 and more Source cves: CVE-2022-22978 Source advisory:...

CVSS 9.8, AI score 6.7, EPSS 0.10037
Exploits 6

vulnersOsv
added 2022/05/20 12:0 a.m., 3 views

africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-codes-api (>=1.0.0 <=1.2.0) +4202 more potentially affected by CVE-2022-22976 via org.springframework.security:spring-security-core (>=5.2.0.RELEASE <=5.5.6)

org.springframework.security:spring-security-core MAVEN version =5.2.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =j8.2.4.0, =j8.2.4.0, =j11.2.4.0 and more Source cves: CVE-2022-22976 Source advisory: OSV:GHSA-WX54-3278-M5G4...

CVSS 5.3, AI score 6.7, EPSS 0.02139
Exploits 0

ATTACKERKB
added 2022/05/18 6:15 p.m., 1 view

CVE-2022-30111

The use of an insecure algorithm for rolling codes in MCK Smartlock 1.0 allows attackers to unlock the mechanism via replay attacks...

CVSS 6.8, AI score 6.7, EPSS 0.00313
Exploits 1, References 4

CVE
added 2022/05/18 5:18 p.m., 65 views

CVE-2022-30111

CVE-2022-30111 affects MCK Smartlock 1.0 due to an insecure rolling-code algorithm that enables replay attacks to unlock the mechanism. The vulnerability arises from the rolling-code design, allowing an attacker with physical access to replay codes and compromise authentication. In the NVD entry,...

CVSS 6.8, AI score 6.6, EPSS 0.00313
Exploits 1, References 3, Affected Software 1