56 matches found
Malicious code in zero-develop-component-library (npm)
Source: amazon-inspector b25ede928413a72b6cfc25c807bc6f5902bd1b9d00f1d3d83624e237da613fb1 The package zero-develop-component-library was found to contain malicious code...
MAL-2026-1880 Malicious code in zero-develop-component-library (npm)
Source: amazon-inspector b25ede928413a72b6cfc25c807bc6f5902bd1b9d00f1d3d83624e237da613fb1 The package zero-develop-component-library was found to contain malicious code...
CVE-2026-27938
The CVE-2026-27938 entry documents a command injection flaw in the WPGraphQL repository (wp-graphql/wp-graphql) prior to version 2.9.1, stemming from an unsafe use of ${{ github.event.pull_request.body }} inside the release.yml shell run block. When a PR from develop to master is merged, the PR b...
CVE-2024-39243
An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editorsave...
Projects We develop security vulnerability
Projects We develop is an event management software by Puneeth Reddy H C Individual Developer. A security vulnerability exists in Projects We develop version 1.0, which stems from the incorrect manipulation of the parameter proId in the file master/reviewaction.php, which could lead to an SQL...
EUVD-2008-5033
Malware in sbrugna...
EUVD-2008-5110
Malware in sbrugna...
CVE-2023-34100
Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uipbuf. In particular, there is...
CVE-2023-28116
Contiki-NG is an open-source, cross-platform operating system for Internet of Things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer packetbuf for processing o...
CVE-2023-0771
SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop...
UBUNTU-CVE-2021-3991
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions...
PT-2024-11006 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr versions prior to the 'develop' branch; Dolibarr versions prior to 15.0.0; Dolibarr versions prior to 63cd063. Description: An Improper Authorization issue exists, allowing a user with restricted permissions in the 'Reception' section t...
GHSA-M4GQ-X24J-JPMF Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify
The following bundled files within the Mermaid NPM package contain a bundled version of DOMPurify that is vulnerable to https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674, potentially resulting in an XSS attack. This affects the built: - dist/mermaid.min.js -...
CVE-2023-48229 Out-of-bounds write in the radio driver for Contiki-NG nRF platforms
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the readframe function in...
Fedora: Security Advisory for indent (FEDORA-2024-74667e499e)
The remote host is missing an update for the...
Malicious code in ext-frontend-identity (npm)
Source: ossf-package-analysis 23a7d0539d44404b1c2e340d011eaa58dcad96a27d7d6aef90736d641da7ce39 The OpenSSF Package Analysis project identified 'ext-frontend-identity' @ 7.1.1-develop.9 npm as malicious. It is considered malicious because: ...
Gatsby develop server has Local File Inclusion vulnerability
Impact: The Gatsby framework prior to versions 4.25.7 and 5.9.1 contains a Local File Inclusion vulnerability in the file-code-frame and original-stack-frame paths, exposed when running the Gatsby develop server (gatsby develop). The following steps can be used to reproduce the vulnerability: Create ...
CVE-2023-30546 Contiki-NG has off-by-one error in Antelope DBMS
Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System (CFS) backend for the storage of data file...
CVE-2023-30548
gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server (gatsby develop). It...
CVE-2023-30548
The CVE-2023-30548 issue affects gatsby-plugin-sharp prior to versions 5.8.1 and 4.25.1, introducing a path traversal vulnerability when running the Gatsby develop server. By default, develop is bound to localhost, but if exposed (e.g., via --host 0.0.0.0, -H 0.0.0.0, or GATSBY_HOST=0.0.0.0), an ...