74 matches found

OSV
added 2026/04/12 10:3 a.m. · 0 views

MAL-2026-2619 Malicious code in upstartloans (npm)

Collects and exfiltrates sensitive data (credentials, keys, history) to p1s.uk with disabled SSL validation. Suspicious postinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a1d5c610e0cc5ec6be53b8d0d986d5ddef30937d04c977998db4c2d4b0be908 The package...

5.8 AI score
Exploits 0 · References 2
RedhatCVE
added 2026/01/09 10:12 a.m. · 4 views

CVE-2019-2859

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBo...

8.8 CVSS · 7 AI score · 0.00144 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-22756

Malware in sbrugna...

7.2 CVSS · 7.1 AI score · 0.0154 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-12505

Malware in sbrugna...

8.2 CVSS · 7.9 AI score · 0.00157 EPSS
Exploits 0 · References 6
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-35393

Malicious code in bioql PyPI...

9.8 CVSS · 8 AI score · 0.00985 EPSS
Exploits 1 · References 2
RedhatCVE
added 2025/08/04 9:33 a.m. · 2 views

CVE-2025-6076

Partner Software's Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab, allowing an authenticated attacker to upload a malicious file and compromise the device. By default, the software runs as SYSTEM, heightening the severity of the...

8.8 CVSS · 7.1 AI score · 0.00288 EPSS
Exploits 0 · References 1
OpenVAS
added 2025/06/16 12:0 a.m. · 4 views

Apple MacOSX Security Update (HT122902)

Apple Mac OS X is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.2 CVSS · 6.8 AI score · 0.00881 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/05/22 11:41 p.m. · 4 views

CVE-2022-21334

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where th...

6.3 CVSS · 5.8 AI score · 0.11434 EPSS
Exploits 0 · References 1
OSV
added 2025/05/16 6:18 p.m. · 1 views

MAL-2025-3952 Malicious code in inter-frontend-hooks (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3c441af5510fe1f789c79990913bea9d85ee1c522fabaf6b8fd097336a725aa4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2 AI score
Exploits 0 · References 1
OSSF Malicious Packages
added 2025/05/16 2:13 p.m. · 2 views

Malicious code in statewars (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3054b3bc016fb28cbd39ad6ff12e082819c4ded2b17560fa6a0d5e750c80f61 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 3
Ubuntu
added 2025/04/09 5:32 p.m. · 18 views

USN-7428-1: Linux kernel vulnerabilities

Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in...

9.1 CVSS · 7.5 AI score · 0.02683 EPSS
Exploits 0
RedhatCVE
added 2025/02/05 2:22 p.m. · 6 views

CVE-2020-2907

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracl...

7.5 CVSS · 6.4 AI score · 0.00163 EPSS
Exploits 0 · References 7
OSSF Malicious Packages
added 2025/01/25 6:50 p.m. · 2 views

Malicious code in pascoresend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6eb745bf1dd58bd41204dc547be9cadb3cbe35b5d804c45735c78cf6c33fe4ab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
NVD
added 2024/11/12 1:15 p.m. · 7 views

CVE-2024-50560

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.2, SCALANCE...

4.3 CVSS · 0.00286 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/07/26 11:34 a.m. · 24 views

CVE-2024-41684 Cookie Without Secure Flag Set Vulnerability

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system...

6.9 CVSS · 6.9 AI score · 0.00112 EPSS
Exploits 0 · References 1
NVD
added 2024/05/14 4:17 p.m. · 8 views

CVE-2024-33006

An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise system...

9.6 CVSS · 9.4 AI score · 0.0074 EPSS
Exploits 0 · References 2
CVE
added 2024/05/14 4:16 a.m. · 58 views

CVE-2024-33006

SAP NetWeaver App Server ABAP/ABAP Platform is affected by a file-upload vulnerability (CVE-2024-33006) due to insufficient validation of uploaded files. An unauthenticated attacker can upload a malicious file to the server; when accessed by a victim, this can lead to complete system compromise. ...

9.6 CVSS · 6.9 AI score · 0.0074 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/05/03 12:0 a.m. · 1 views

PT-2024-25656 · Delta Electronics · Diaenergie

Name of the Vulnerable Software and Affected Versions: Delta Electronics DIAEnergie affected versions not specified Description: The issue is an SQL injection vulnerability that exists in the script Handler CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the...

8.8 CVSS · 7.3 AI score · 0.00058 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/04/16 12:0 a.m. · 3 views

PT-2024-3131 · Oracle · Oracle Bi Publisher

Name of the Vulnerable Software and Affected Versions: Oracle BI Publisher versions 7.0.0.0.0 and 12.2.1.4.0 Description: The issue is related to insufficient input validation in the XML Services component of Oracle BI Publisher, allowing an unauthenticated attacker with network access via HTTP t...

10 CVSS · 7.2 AI score · 0.0062 EPSS
Exploits 0 · References 8
NVD
added 2024/01/16 10:15 p.m. · 10 views

CVE-2024-20959

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Core. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to...

4.4 CVSS · 4.4 AI score · 0.00059 EPSS
Exploits 0 · References 1