Malicious code in superapp-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d8661287acb0d1449413e363c682ab1d8cc1815d42b6c36e957f78dfeb8d4e54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ember-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bc242e9ee4713b30aee81ff739dc19c110f1e9753eaccefd8d26de3f2a9c2e5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
How one Microsoft software engineer works to improve access management
There’s still a perception that the most successful computer scientists learn programming at a young age, study engineering at a top school, and then get a software development job right out of college. While that’s how many people enter the field, it’s not the only path. Microsoft Software...
Malicious code in ui-extensions-dev-console-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8f16840f7273c569f73bfa9dbed041fcb7c6e26a8ae579a37e2a293da82a7aff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sdk-release (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8de66f690acbb62cee826234fc58f16d56e1adcedc66f23059dcef93e5b1f158 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
LambdaGuard - AWS Serverless Security
AWS Lambda is an event-driven, serverless computing platform provided by Amazon Web Services. It is a computing service that runs code in response to events and automatically manages the computing resources required by that code. LambdaGuard is an AWS Lambda auditing tool designed to create asset...
Neetai Tech SQL Injection Vulnerability
Neetai Tech is a web development, GST software and accounting software from Neetai India. Neetai Tech is vulnerable to SQL injection, which can be exploited by attackers to cause SQL injection issues via manipulation of the /product.php file...
SAP NetWeaver Development Infrastructure Cross-Site Scripting Vulnerability
SAP NetWeaver Development Infrastructure is an SAP product that provides a consistent development environment, development teams, and support for software development throughout the product lifecycle. A cross-site scripting vulnerability exists in SAP NetWeaver Development Infrastructure, which c...
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a hacker to trigger a service failure.
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK set is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to trigger a service failure using the HTTP protocol...
CVE-2022-29618
Due to insufficient input validation, SAP NetWeaver Development Infrastructure Design Time Repository - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or...
CVE-2022-29618
The connected records confirm a cross-site scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Design Time Repository) affecting versions 7.30, 7.31, 7.40, and 7.50. Root cause: insufficient input validation that lets an unauthenticated attacker inject script into the URL, ...
SAP NetWeaver Developer Studio Code Issue Vulnerability
SAP NetWeaver Developer Studio is a Java part of the integrated development environment (IDE) of the German company SAP. SAP NetWeaver Developer Studio is vulnerable to a code issue that could be exploited by an attacker to cause a loss of confidentiality and integrity...
PT-2022-2970 · Intel +9 · Sgx Psw +12
Name of the Vulnerable Software and Affected Versions: Intel(R) Processors (affected versions not specified). Description: The issue is related to incomplete cleanup in specific special register write operations, which may allow an authenticated user to potentially enable information disclosure via...
Vapor Denial of Service Vulnerability
Vapor is a Swift web development framework. It can be used to develop high-performance web applications and supports iOS, OS X and Ubuntu systems. A denial-of-service vulnerability exists in Vapor versions prior to 4.61.1 that stems from not properly handling incoming error messages and can be...
npm Devcert Denial of Service Vulnerability
Devcert is a package for SSL development from npm, Inc. A denial of service vulnerability exists in versions prior to Devcert 1.2.1, which stems from triggering an exponential ReDoS regular expression denial of service in the Devcert package. An attacker could exploit this vulnerability to cause ...
Security as a differentiator: How to market the secure customer experience
Leveraging software development lifecycle security as a go-to-market differentiator is imperative in setting companies apart from competitors. As Coalfire's Cloud Advisory Board and my colleague Gail Coury eloquently pointed out in our recent Securealities Report, Smartest Path to DevSecOps...
OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
CVE-2021-4231
A flaw was found in the angular/core package. Affected versions of this package are vulnerable to cross-site scripting (XSS) in development, with server-side rendering (SSR) enabled...
CVE-2022-24896
CVE-2022-24896 affects Tuleap versions prior to 13.7.99.239. The vulnerability stems from improper authorization checks when displaying content in the Tracker Report Renderer and Chart widgets, allowing an attacker to disclose the name of trackers and the fields used in reports. Impact is informa...