GHSA-3FJ7-78H2-W98X Jenkins XPath Configuration Viewer Plugin Missing Authorization vulnerability
Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to create and delete XPath expressions. Additionally, these HTTP endpoints do not require POST requests, resulting in a...
CVE-2022-34813
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...
Jwtear - Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hackers
A modular command-line tool to parse, create and manipulate JSON Web Token (JWT) tokens for security testing purposes. Features: Complete modularity. All commands are plugins. Easy to add new plugins. Support JWS and JWE tokens. Easy interface for plugins; follow the template example. Flexible token...
The vulnerability of the `create_worker_threads` method in the MariaDB database management system allows a hacker to cause a service failure.
The vulnerability of the `create_worker_threads` method in the MariaDB database management system exists due to improper cleanup or resource release. Exploiting this vulnerability can allow an attacker to cause service failures...
cbi.mit.edu Cross Site Scripting vulnerability OBB-2680913
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious Package
Overview create-sprinklr-app is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...
Malicious Package
Overview action-create-release-pr is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious code in eks-auto-create-idp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abe5220ea6202484d070bbe62ba66ccb40f7d0b230bcfb2a4208d4aec4877ac7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2682 Malicious code in eks-auto-create-idp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abe5220ea6202484d070bbe62ba66ccb40f7d0b230bcfb2a4208d4aec4877ac7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5396 Malicious code in polaris-example-create-react-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b09d3e19b74639bb4f35c359140d1a531e719d2e9b76e549ef67c8953446e25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in action-create-release-pr (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a1f9c096fa3bf9d38477488398a8d49d517f96c85896b4312ef8e8771336c43a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-831 Malicious code in action-create-release-pr (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a1f9c096fa3bf9d38477488398a8d49d517f96c85896b4312ef8e8771336c43a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CreateProcessW (>=0.1.0 <=0.1.2), UWUWUW (>=0.13.2 <=0.13.4) +186 more potentially affected by unknown CVE via windows (>=0.20.1 <=0.30.0)
windows CARGO version =0.20.1, =0.1.0, =0.13.2, =0.1.0, =1.0.0, =1.0.0, =1.8.0, =0.0.6, =0.0.4, =0.1.0, =0.1.0, =0.4.0, =0.4.1 - btleplug =0.9.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-X4MQ-M75F-MX8M...
CVE-2022-31294
An issue in the saveusers function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts...
CVE-2022-31217
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation o...
CVE-2022-20183
In hypxcreateblobdmabuf of faceauthhypx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Andro...