MAL-2024-8847 Malicious code in ethersscan-api (npm)

The package contains the BeaverTail infostealer malware associated with DPRK threat actors. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bdf32a4e45ba09760610d3f87cf8cfdae4d386a4ee4df99f1973ab577373620 Any computer that has this package installed or running shoul...

MAL-2024-8846 Malicious code in eslint-scope-util (npm)

The package contains the BeaverTail infostealer malware associated with DPRK threat actors. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c97eb42ab9ab02fd3a0e93acf449bb0fc75b1af462f6221cfca5d3b14588a0fb Any computer that has this package installed or running shoul...

CVE-2024-1744

Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data. This issue affects Accord ORS: before 7.3.2.1...

CVE-2024-1744 IDOR in Ariva Computer's Accord ORS

Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data. This issue affects Accord ORS: before 7.3.2.1...

CVE-2024-1744 IDOR in Ariva Computer's Accord ORS

Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data. This issue affects Accord ORS: before 7.3.2.1...

CVE-2024-1744

CVE-2024-1744 affects Ariva Computer Accord ORS prior to 7.3.2.1. It is described as an Authorization Bypass Through User-Controlled Key that allows retrieval of embedded sensitive data, due to a flaw in the authorization mechanism when using a user-controlled key. The impact is exposure of embed...

MAL-2024-8832 Malicious code in tappp-tv-ui-libs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd1544816d5c47d2cf89aa1115143bf167835899d95470b01cb8f3a49c497835 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

PT-2024-18269

Name of the Vulnerable Software and Affected Versions Ariva Computer Accord ORS versions prior to 7.3.2.1 Description The issue allows unauthorized actors to retrieve embedded sensitive data, resulting in exposure of sensitive information. This is a critical vulnerability that affects the ability...

Malicious code in tcgplayer-developer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e8872e81cbcd437acbedb9771171079c77c0f370055e0cc7423b96b7bdd9a75e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8827 Malicious code in tcgplayer-developer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e8872e81cbcd437acbedb9771171079c77c0f370055e0cc7423b96b7bdd9a75e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8826 Malicious code in sigma-errors (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3261ce8608a1d5df2dc6eea25790460c5c3acc3ff03c223d4ece32c799bde4e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8823 Malicious code in com.meta.xrpa (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 368c4215055d53b01fa4f0e947a03d5f6b2cdd01a2a9be147dd9c074e53b6208 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-45314 Flask-AppBuilder login form allows browser to cache sensitive fields

Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If...

CVE-2024-45314

Removed by vendor...

MAL-2024-8800 Malicious code in saptiya (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3e761bb75d4a0bad96ad666c358c5b3eccdc0f47e5e6622a536496b9ee2fa49b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in vueoriu (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e37d072267b4336c865f9892dd40672ccdaf4f2f336fc2fd304bd97f8eaed7c2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in hwpoepr (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a002fd18d59f61bbe4732ac672a1deff9f0ba2f80a77258d0b25922390c3695 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in nwoeuot (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 404c842cda4850228eaab866c8ca078cca68d14b801275a10006a08d84eef350 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8813 Malicious code in xwuirit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df36d2af53be006f85a47e0a26683a059038c7f0135c497743b6b0c318d7f1b3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8774 Malicious code in hwpoepr (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a002fd18d59f61bbe4732ac672a1deff9f0ba2f80a77258d0b25922390c3695 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...