15483 matches found
Mozilla Firefox ESR < 140.3
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 140.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-75 advisory. - Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142...
CVE-2025-56697
CVE-2025-56697 describes a Stored Cross-Site Scripting (XSS) vulnerability in Kashipara Computer Base Test v1.0, specifically in the /users/adminpanel/admin/home.php?page=feedbacks page. The underlying issue is unsanitized input through the smyFeedbacks POST parameter (affecting /users/home.php),...
Malicious code in @nativescript-community/ui-pulltorefresh (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 650cf81e4420b496c9854a80da4f8ba77516648b74a4b352e7099c04ecc4f026 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @triniwiz/nativescript-pdf (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0dee524a059c5be768ba0f921b02cf030608c6377823ec2fda73727e66313248 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @nativescript-community/sqlite (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 12fdec6c515865f33dafbfd89c6a2e810138eab46fe92d29955d74a13e37567f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-59162
creationtimestamp| type| source ---|---|--- 2025-09-15 19:21:19+00:00| seen| https://bsky.app/profile/bad-at-computer.bsky.social/post/3lyvjo7ma7c2n 2025-09-20 21:19:46+00:00| seen| https://bsky.app/profile/okbosmedia.bsky.social/post/3lzccme7hxv2k...
CVE-2025-59145
creationtimestamp| type| source ---|---|--- 2025-09-15 19:21:19+00:00| seen| https://bsky.app/profile/bad-at-computer.bsky.social/post/3lyvjo7ma7c2n 2025-09-15 21:05:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lyvphwwomm2i 2025-09-20 21:19:46+00:00| seen|...
CVE-2025-10445
A weakness has been identified in Campcodes Computer Sales and Inventory System 1.0. Impacted is an unknown function of the file /pages/ustransac.php?action=add. Executing manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has bee...
CVE-2025-10436
CVE-2025-10436 affects Campcodes Computer Sales and Inventory System 1.0. The vulnerability is a SQL injection in the unknown function of /pages/sup_searchfrm.php?action=edit, triggered by manipulating the ID parameter. It is exploitable remotely, and public exploit access is noted. Multiple conn...
CVE-2025-10435 Campcodes Computer Sales and Inventory System cust_edit1.php sql injection
A security flaw has been discovered in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/custedit1.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been...
Malicious code in newrelic-pixie (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16c7baf5c47666c1407211c9fb57ede68cd4a7eea34bd8e591af32fd24c11f5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47205 Malicious code in str-validator-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cbae0fa7ec3f4325516d97436685965bc1ff6dddaf218710407f697497c579a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in string-setup-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0bc9eeb3a1bc272c3b55d695ba0aa54a481cfb3ac6c0611bbaadd96cf5cb1935 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mysql-dumpdiscord (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a71ef5bb0add3bd32fba8e827c6a43a6d7889f8a640286196a4a3057be865e1b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47182 Malicious code in internallib_v320 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 204ed31fa77ee7b2a41f972ca8834f0cb6e4912b1155723e364227e15df8ce6a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47145 Malicious code in @huobi-lib/vulcan-js-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19abe7ab9afcd189bbbd5061add8629d1f576b8dae3944cc7974b7581ffbd570 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in eslints-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b662ef08a1f7e1997586aa84a90068921137be8ec4c4c82df2ba5c5318ad3202 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47178 Malicious code in eslints-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b662ef08a1f7e1997586aa84a90068921137be8ec4c4c82df2ba5c5318ad3202 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47211 Malicious code in tailwind-configs-viewer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eee3c791a92600ef66a7c4165e740bfeda8da8dad109a35e6db271d6fe07caf7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47190 Malicious code in mse-eme-capabilities.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 35ba0710a5c55a2abfbe4d0332047feccf4ef80e6d7d98203473d6eec8bd1d8f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...