Lucene search

16 matches found

OSSF Malicious Packages
added 3 hours ago, 3 views

Malicious code in o3forms (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d094d4429f1492bb6b99d802de86b97dc972e06d680a1287846e6d1635fe457 The package name impersonates the OpenMRS O3 forms ecosystem; legitimate packages are published under the @openmrs/ scope. package.json declares an...

5.6 AI score
Exploits: 0, References: 2
RedhatCVE
added 2026/02/28 1:54 a.m., 3 views

CVE-2026-28211

The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...

7.8 CVSS, 6.5 AI score, 0.0001 EPSS
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/10/18 11:32 a.m., 5 views

Malicious code in src_dev-tool_index_ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a6c5f130294b305df1adf1e497c66d81ec09ddeffb8bb6d0c486644336706558 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1
Huntr
added 2023/09/08 2:10 p.m., 16 views

Cookie without Secure flag

Description: Access and log in to the website. Press F12 on your keyboard or right-click on the website to open the dev-tool. In the Application tab, choose Cookies; there are some sensitive cookies without the Secure flag. Proof of Concept...

7.1 AI score, 0.00027 EPSS
Exploits: 1, References: 1
Huntr
added 2023/08/22 1:11 a.m., 11 views

Authentication cookie without Secure flag

Description: Access and log in to the website. Press F12 on your keyboard or right-click on the website to open the dev-tool. In the Application tab, choose Cookies; there are some sensitive cookies without the Secure flag. Proof of Concept Link photo:...

6.8 AI score
Exploits: 0
Github Security Blog
added 2023/07/07 8:32 p.m., 88 views

Stylelint has vulnerability in semver dependency

Summary Our meow dependency which we use for our CLI depended on [email protected] . A vulnerability in this version of semver was recently identified and surfaced by npm audit: Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw Details Original post by the...

7.5 CVSS, 6.7 AI score, 0.00598 EPSS
Exploits: 1, References: 5, Affected Software: 1
Huntr
added 2023/06/14 1:28 a.m., 20 views

Sensitive Cookie Without Secure Flag

Description: Access and log in to the demo website: https://demo.openitcockpit.io/ Press F12 on your keyboard or right-click on the website to open the dev-tool. In the Application tab, choose Cookies; there are some sensitive cookies without the Secure flag: CookieAuth, csrfToken. Proof of Concept Link imag...

4.9 CVSS, 6.8 AI score, 0.00047 EPSS
Exploits: 1
Huntr
added 2023/06/14 1:20 a.m., 9 views

Sensitive Cookie Without HttpOnly Flag

Description: Access and log in to the demo website: https://demo.openitcockpit.io/ Press F12 on your keyboard or right-click on the website to open the dev-tool. In the Application tab, choose Cookies; the sensitive CookieAuth cookie is there without the HttpOnly flag. Proof of Concept Link image evidence:...

6.9 AI score
Exploits: 0
Huntr
added 2022/12/21 6:39 a.m., 14 views

Cookie without Secure attribute

Description: At the moment, memossession has the value false for the Secure flag. Proof of Concept: 1. Access the web demo https://demo.usememos.com/ 2. Use the browser's dev tool to check the cookie; we can see there is a memossession having value false at Secure...

4 CVSS, 0.1 AI score, 0.00137 EPSS
Exploits: 1
Huntr
added 2022/09/09 6:57 a.m., 15 views

Session_id without Secure attribute

Description: The user's session id has the Secure attribute set to false. This vulnerability allows the user's cookies to be sent to the server in an unencrypted request over the HTTP protocol. Proof of Concept: Open the browser and access the website; in this scenario I use the demo website. Check the cooki...

5 CVSS, 1 AI score, 0.00183 EPSS
Exploits: 1
OpenVAS
added 2022/07/31 12:0 a.m., 6 views

Fedora: Security Advisory for golang-github-magefile-mage (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0, References: 2
Fedora
added 2022/07/30 1:57 a.m., 13 views

[SECURITY] Fedora 36 Update: golang-github-magefile-mage-1.11.0-6.fc36

A Make/rake-like dev tool using Go...

7.3 AI score
Exploits: 0
Fedora
added 2022/07/17 1:15 a.m., 14 views

[SECURITY] Fedora 35 Update: golang-github-magefile-mage-1.11.0-5.fc35

A Make/rake-like dev tool using Go...

9.3 CVSS, 8.2 AI score, 0.00963 EPSS
Exploits: 4
OpenVAS
added 2022/07/06 12:0 a.m., 12 views

Fedora: Security Advisory for golang-github-magefile-mage (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS, 8.9 AI score, 0.00963 EPSS
Exploits: 4, References: 2
Fedora
added 2022/07/04 1:35 a.m., 10 views

[SECURITY] Fedora 36 Update: golang-github-magefile-mage-1.11.0-5.fc36

A Make/rake-like dev tool using Go...

9.3 CVSS, 8.2 AI score, 0.00963 EPSS
Exploits: 4
vulnersOsv
added 2021/05/06 6:26 p.m., 2 views

@aikosia/automaton (>=0.6.0 <=0.8.1), @aikosia/automaton-cli (>=0.2.1 <=0.3.5) +27 more potentially affected by CVE-2020-7718 via gammautils (>=0.0.2 <=0.0.81)

gammautils NPM version =0.0.2, =0.6.0, =0.2.1, =0.9.0, =0.1.5, =1.0.49, =9.0.0, =0.1.44, =0.1.22, =0.1.20, =1.0.1, =0.0.9, =0.0.7, =0.0.8 and more Source cves: CVE-2020-7718 Source advisory: OSV:GHSA-PGMG-GF5P-54J8...

9.8 CVSS, 7.2 AI score, 0.0041 EPSS
Exploits: 1