CVE-2024-47063

CVAT (Computer Vision Annotation Tool) contains a stored XSS vulnerability via the quality report data endpoint. A malicious user with task-creation/edit permissions can lure another logged-in user to a crafted URL, potentially executing scripts in the victim’s browser. Affected versions are prio...

MAL-2024-9054 Malicious code in jquery-ui-smoothness (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cbde2167eb940c597861a429b583a7e45ac7225bee0da328cc03ddbbcb363beb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

PT-2024-32382 · Unknown · Computer Vision Annotation Tool

Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions prior to 2.19.0 Description: The issue allows an attacker to initiate API calls on behalf of a logged-in user if they can trick the user into visiting a maliciously-constructed URL. This gives the...

Computer Vision Annotation Tool 安全漏洞

Computer Vision Annotation Tool CVAT is a cvat.ai open source interactive video and image annotation tool for computer vision. A security vulnerability exists in Computer Vision Annotation Tool versions 2.0.0 through 2.19.0 that originates from an attacker with an account that can retrieve certai...

The vulnerability in the `FillColorRow8` function of the `utils.cpp` component in the OpenCV library, which is used for computer vision, image processing, and numerical algorithms of general purpose, open-source nature, allows a perpetrator to access confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the FillColorRow8 function in the utils.cpp component of the OpenCV library, which is used for computer vision, image processing, and general numerical algorithms, is related to buffer overflows. Exploiting this vulnerability could allow an attacker to gain access to...

SUSE CVE-2024-46843

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only if added If host tries to remove ufshcd driver from a UFS device it would cause a kernel panic if ufshcdasyncscan fails during ufshcdprobehba before adding a SCSI host with scsiaddhost and M...

Malicious code in meraki-react-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c83f2848053884da4ed2503526a13acf16087c512c728e406200da4b78084d9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in font-lato-2-subset (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b613318a5c7aecc4baa2401877fcc8216636e03d2487ca00748977bca9763ae8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-9014 Malicious code in testdjallal-ui-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1743902cfe9e18cf0f325f256d6df25de8dbc811261f10d3c0f1861584e90b19 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in them4on (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4cf7aae5da80be4c617408e1862c8307fc970f6cbfdeac0d07c42d5694af6162 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-9015 Malicious code in them4on (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4cf7aae5da80be4c617408e1862c8307fc970f6cbfdeac0d07c42d5694af6162 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in autocomplete-monorepo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6cd596b11e151bc765536ac31d81e6203896f3f04dbbf52913aa3b6f1fd2c3e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8991 Malicious code in routerpairs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb612aca210fe84bdd281919ed0cb739a513925811411710570a6391c2d036fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in spiffetest.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7e0c969021c51af38deaa5a56acc3f6a7308ecf137e4051ed32c13918f6f002 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8984 Malicious code in spiffetest.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7e0c969021c51af38deaa5a56acc3f6a7308ecf137e4051ed32c13918f6f002 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8983 Malicious code in spiffe.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b6eb1b449a426da8cb050cd7559c89a205d1bcc3ad27411fc486afe58b7ab357 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8982 Malicious code in djangosnippets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f0bb7ea04063a1c85bc6858187976e5437ffa840e070088dd2b0c4406ebb728c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8989 Malicious code in dx-shared-schema (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 606308070423ea9552fa204ea73e727dd3081035515bcc41c3d56fc3a18a1abe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

New Windows Malware Locks Computer in Kiosk Mode

Clever: A malware campaign uses the unusual method of locking users in their browser's kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. Specifically, the malware "locks" the user's browser on Google's login page with no obviou...

Malicious code in visa-ui-angular (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd965500f041551c6ece4a137b88df7d7c601228f7e039a8130a8514a48b98e4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...