MAL-2023-203 Malicious code in compute-starter-kit-assemblyscript-default (npm)
Source: ghsa-malware d22fdf2ac6654a503fea802f494a8beb6fecb1b7b953919da1d01cd04e133958 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in google-bard724 (npm)
Source: ghsa-malware 47d49aca642fc265e31226e596698a7acb317389a5c919dd055d972987d40090 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-479 Malicious code in google-bard724 (npm)
Source: ghsa-malware 47d49aca642fc265e31226e596698a7acb317389a5c919dd055d972987d40090 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-851 Malicious code in test-op-solhint (npm)
Source: ghsa-malware 3f8f315fe20128ae26be541522255c4eeab47ec166f70e54ca5a2c6cb533ae67 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wcc-connector (npm)
Source: ghsa-malware e55bf83a3393a668485fec2cbcb072ee078657ab4b98b80e3debd7ec3fb83057 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-809 Malicious code in standforusz (npm)
Source: ghsa-malware 38e449c44fbf714a06802408135b28a615f92b1821aa601f9fa6e14f60f8f832 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Online Computer and Laptop Store Arbitrary File Upload Vulnerability (CNVD-2023-40599)
Online Computer and Laptop Store is an online computer and laptop store. An arbitrary file upload vulnerability exists in Online Computer and Laptop Store v1.0, which stems from a failure to restrict file uploads at /classes/Users.php?f=save, and can be exploited by an attacker to cause remote co...
USN-6085-1 linux-raspi vulnerabilities
It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. CVE-2022-27672 Zheng Wang discovered that the Intel i915 graphics...
orioncomputerworld.nl Cross Site Scripting vulnerability OBB-3347025
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-31857
Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save...
Remote code execution
Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save...
CVE-2023-31857
CVE-2023-31857 affects Sourcecodester Online Computer and Laptop Store 1.0. The vulnerability is an unrestricted file upload via the endpoint /classes/Users.php?f=save, enabling remote code execution. References and metadata consistently describe this path and the high impact (CVSS 3.1: 9.8, NET/...
Malicious code in yaml2binary (npm)
Source: checkmarx e557012b685f3c77bcab7d7fd0961cf479e7010b4ce9af898f807cf429b1b242 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-451 Malicious code in flying_pusher (npm)
Source: checkmarx 9091b084b192777c6cbacc1b67d67b879e2cdceda2b68082e975394f648cac68 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
MAL-2023-167 Malicious code in cfa-styleguide (npm)
Source: checkmarx 5562a6cb1d5f239216be52c28e8d316e8ffe0f490d11978863202a6fcfcbe8bc Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
MAL-2023-46 Malicious code in @nokia-csf-uxr/csfwidgets (npm)
Source: ghsa-malware 39bbff0400a8d8025c9c214e1a4412729bd69e23c231e3307d61d05b54f8eb72 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-1046 Malicious code in json2stringfy (npm)
Source: checkmarx 2e42c4a993125bac35486d178cd7356e08471fc96b79862efed3c64ae4f1d7d6 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
CVE-2023-2661
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit ha...
CVE-2023-2661
SourceCodester Online Computer and Laptop Store 1.0 is affected by CVE-2023-2661. The vulnerability resides in /classes/Master.php where manipulating the id parameter leads to an SQL injection. Exploitation can be remote, and public disclosures exist. Multiple sources (NVD CVSSv3.1 base 9.8; othe...