15487 matches found
CVE-2024-54304
CVE-2024-54304 is an SQL Injection in the Hive Support WordPress Help Desk plugin. Affected: Hive Support – WordPress Help Desk (plugin) versions up to 1.1.2. Root cause: Improper neutralization of SQL elements in the vulnerability path. Impact: authenticated attackers may exploit to manipulate S...
MAL-2024-11829 Malicious code in imgur-uploader-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e12db7b7de507126d4fa046e84a7acb1e502c87e639c69d90159cd396bed2b84 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11833 Malicious code in imran-servar (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9af64e8c6963a1d384ffab6087780576331442e9e8c79eda2f18e092b02b52d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11830 Malicious code in imran-dlmedia (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2333403d155a3c1e1f283f0fdb315ee94b8315d41551e7e56e0ee12b8e86dc75 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11826 Malicious code in fca-imran-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 358afd8d601316f313a38fc5c4433ff8b13a1082ec2c05ea6c91464b62d5125f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls
The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng aka gbigmao and gxiaomao, who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been...
MAL-2024-12153 Malicious code in lido-on-ethereum (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a3bb60770096d192fa10be6d8db3cb1a517989c512244db517590cf115f7a69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12152 Malicious code in lfs-au-website-build (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2c1cede85f63ef726a200198c527060cd81e0506a726fc5ad92ce154a3873e99 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12142 Malicious code in core-registry-dashboardx (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3be3f25a63079c3df9415707b51a81889281c32a64b2e9e3d28823d5e869e508 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in promisified-resource-pool123 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3a42e7d4fdb14241d0b230905da182d6726bba306ef7dc7cbd565eadf2192e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in dhp-logging-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware def2cfdcf7555dce8bc6545670a20f1748d6588683a817bc7d922f42c8e9cd43 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in playwright-1.46 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b54a73f91f92e3252ca7711496e9a2cc0e1eabd2637f94a2bfdce96d1a94791 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Motoko 安全漏洞
Motoko is a secure, simple, participant-based programming language open-sourced by DFINITY for building Internet Computer ICP jar smart contracts. Motoko has a security vulnerability that stems from the incremental garbage collector containing an uninitialized memory access error...
MAL-2024-11213 Malicious code in vareapi (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 296640ad50ffc63152ca94b0951a56c7ebc71e341ecae13dab648ae97fa99425 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ic-master-wordpress (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d19ae5087f1493c0f8980ff5ae6a03be7f82b11c1891505418ccd296de41166 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11207 Malicious code in crypto-layout-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1fb00ef7ee21b6fc04fbef059a71415a1b6af8daf224b5e56df77ba85fa99351 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ndbench-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7227dbaa5c3b3b6a073625c72e3d45b4da3a973fe2f3c151dc615c3a23800b70 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11209 Malicious code in kubernetes-agent-nfs-watchdog (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db3ebdf02f1505d57c21836cf1054215450cdbd8b35ae587c8fdf1c0c59ac85f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Google Pixel 安全漏洞
Google Pixel is a smartphone from Google, an American company. Google Pixel has a security vulnerability that stems from an unusual root cause in sgremovescat in scsi/sg.c. There may be memory corruption...
Malicious code in vue-midata (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc06ec1e2eb7c0a1bd2a27e81568ad8ee48c80f63b74284118e768a9740222e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...