1613 matches found
MAL-2024-153 Malicious code in ahmadzdzdzdzddddahas (npm)
Source: ghsa-malware f10f881888721e5e7bcdd3cb99e15e7948d9c5eadbb869e8ebb9bd54faebd96d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-41786
Missing Authorization vulnerability in WP Job Portal WP Job Portal – A Complete Job Board. This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.1...
CVE-2024-20966
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server...
CVE-2024-20926
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or...
CVE-2024-20918
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...
MAL-2024-128 Malicious code in uhqsniper (npm)
Source: ghsa-malware 4bc3babfc8b7310621d81f76510b2c16c577e4714f44f2b4f205ddc360f4f876. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-20970
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
CVE-2024-22627
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /SupplyManagementSystem/admin/editdistributor.php?id=...
CVE-2024-22625
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /SupplyManagementSystem/admin/editcategory.php?id=...
PT-2024-19505 · Unknown · Complete Supplier Management System
Name of the Vulnerable Software and Affected Versions: Complete Supplier Management System version 1.0 Description: The issue is related to SQL Injection via the "/Supply Management System/admin/edit retailer.php" endpoint, specifically the id parameter. This allows for potential exploitation. No...
CVE-2023-49621
A vulnerability has been identified in SIMATIC CN 4100 All versions V2.7. The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device...
Default credentials
A vulnerability has been identified in SIMATIC CN 4100 All versions V2.7. The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device...
CVE-2023-52184
Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board. This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.6...
CVE-2023-51527
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4. This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.2...
CVE-2023-51527
CVE-2023-51527 describes an Exposure of Sensitive Information to an Unauthorized Actor in the plugin AI Power: Complete AI Pack – Powered by GPT-4. Reports indicate the vulnerability affects versions up to 1.8.2 and allows an unauthorized actor to access sensitive data. Related connected records...
CVE-2023-51378
Cross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Blocks – A Complete Gutenberg Page Builder. This issue affects Rise Blocks – A Complete Gutenberg Page Builder: from n/a through 3.1...
The vulnerability of the __nvmet_req_complete() function in the drivers/nvme/target/tcp.c file of the Linux kernel NVMe driver allows a hacker to trigger a service failure.
The vulnerability of the __nvmet_req_complete() function in the drivers/nvme/target/tcp.c file of the Linux kernel NVMe driver involves the assignment of a null pointer. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
CVE-2023-49171
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business allows Reflected XSS. This issue affects Innovs HR – Complete Human Resource Management System for Your Business: fr...
Detecting and Visualizing Lateral Movement Attacks with Trellix XDR
By Chintan Shah, Maulik Maheta, Ajeeth S · December 13, 2023. Executive summary: With organizations deploying multiple security controls and solutions on their network and endpoints, there is a significant gap in the way threat...