8751 matches found

OSSF Malicious Packages
added 2022/06/20 8:21 p.m. · 3 views

Malicious code in superapp-sdk (npm)

Source: ghsa-malware (d8661287acb0d1449413e363c682ab1d8cc1815d42b6c36e957f78dfeb8d4e54). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 · References: 1
OSSF Malicious Packages
added 2022/06/20 8:21 p.m. · 3 views

Malicious code in ember-dev (npm)

Source: ghsa-malware (bc242e9ee4713b30aee81ff739dc19c110f1e9753eaccefd8d26de3f2a9c2e5f). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 · References: 1
Microsoft Malware Protection
added 2022/06/20 4:0 p.m. · 22 views

How one Microsoft software engineer works to improve access management

There’s still a perception that the most successful computer scientists learn programming at a young age, study engineering at a top school, and then get a software development job right out of college. While that’s how many people enter the field, it’s not the only path. Microsoft Software...

AI score: 7.7
Exploits: 0
Microsoft Secure
added 2022/06/20 4:0 p.m. · 14 views

How one Microsoft software engineer works to improve access management

There’s still a perception that the most successful computer scientists learn programming at a young age, study engineering at a top school, and then get a software development job right out of college. While that’s how many people enter the field, it’s not the only path. Microsoft Software...

AI score: 7.7
Exploits: 0
OSSF Malicious Packages
added 2022/06/20 7:27 a.m. · 3 views

Malicious code in ui-extensions-dev-console-app (npm)

Source: ghsa-malware (8f16840f7273c569f73bfa9dbed041fcb7c6e26a8ae579a37e2a293da82a7aff). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 · References: 1
OSSF Malicious Packages
added 2022/06/20 7:27 a.m. · 3 views

Malicious code in sdk-release (npm)

Source: ghsa-malware (8de66f690acbb62cee826234fc58f16d56e1adcedc66f23059dcef93e5b1f158). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 · References: 1
Kitploit
added 2022/06/17 12:30 p.m. · 66 views

LambdaGuard - AWS Serverless Security

AWS Lambda is an event-driven, serverless computing platform provided by Amazon Web Services. It is a computing service that runs code in response to events and automatically manages the computing resources required by that code. LambdaGuard is an AWS Lambda auditing tool designed to create asset...

AI score: 7.7
Exploits: 0 · References: 2
CNVD
added 2022/06/16 12:0 a.m. · 22 views

Neetai Tech SQL Injection Vulnerability

Neetai Tech is a web development, GST software and accounting software from Neetai India. Neetai Tech is vulnerable to SQL injection, which can be exploited by attackers to cause SQL injection issues via manipulation of the /product.php file...

CVSS: 9.8 · AI score: 4.1 · EPSS: 0.0062
Exploits: 0 · References: 1
CNVD
added 2022/06/15 12:0 a.m. · 16 views

SAP NetWeaver Development Infrastructure Cross-Site Scripting Vulnerability

SAP NetWeaver Development Infrastructure is an SAP product that provides development teams with a consistent development environment and support for software development throughout the product lifecycle. A cross-site scripting vulnerability exists in SAP NetWeaver Development Infrastructure, which c...

CVSS: 6.1 · AI score: 1.4 · EPSS: 0.01024
Exploits: 0 · References: 1
BDU FSTEC
added 2022/06/15 12:0 a.m. · 6 views

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a hacker to trigger a service failure.

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK set is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to trigger a service failure using the HTTP protocol...

CVSS: 7.8 · AI score: 7.5 · EPSS: 0.01142
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2022/06/14 7:15 p.m. · 3 views

CVE-2022-29618

Due to insufficient input validation, SAP NetWeaver Development Infrastructure Design Time Repository - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or...

CVSS: 6.1 · AI score: 5.9 · EPSS: 0.01024
Exploits: 0 · References: 2
CVE
added 2022/06/14 6:35 p.m. · 68 views

CVE-2022-29618

The connected records confirm a cross-site scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Design Time Repository) affecting versions 7.30, 7.31, 7.40, and 7.50. Root cause: insufficient input validation that lets an unauthenticated attacker inject script into the URL, ...

CVSS: 6.1 · AI score: 6.3 · EPSS: 0.01024
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2022/06/14 12:0 a.m. · 3 views

SAP NetWeaver Developer Studio Code Issue Vulnerability

SAP NetWeaver Developer Studio is a Java part of the integrated development environment (IDE) of the German company SAP. SAP NetWeaver Developer Studio is vulnerable to a code issue that could be exploited by an attacker to cause a loss of confidentiality and integrity...

CVSS: 3.6 · AI score: 5.7 · EPSS: 0.00243
Exploits: 0 · References: 4
Positive Technologies
added 2022/06/14 12:0 a.m. · 7 views

PT-2022-2970 · Intel +9 · Sgx Psw +12

Name of the Vulnerable Software and Affected Versions: Intel® Processors (affected versions not specified). Description: The issue is related to incomplete cleanup in specific special register write operations, which may allow an authenticated user to potentially enable information disclosure via...

CVSS: 9.8 · AI score: 7.6 · EPSS: 0.12746
Exploits: 104 · References: 1368
CNVD
added 2022/06/13 12:0 a.m. · 22 views

Vapor Denial of Service Vulnerability

Vapor is a Swift web development framework. It can be used to develop high-performance web applications and supports iOS, OS X and Ubuntu systems. A denial-of-service vulnerability exists in Vapor versions prior to 4.61.1 that stems from not properly handling incoming error messages and can be...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.0149
Exploits: 1 · References: 1
CNVD
added 2022/06/09 12:0 a.m. · 16 views

npm Devcert Denial of Service Vulnerability

Devcert is a package for SSL development from npm, Inc. A denial of service vulnerability exists in versions prior to Devcert 1.2.1, which stems from an exponential regular expression denial of service (ReDoS) in the Devcert package. An attacker could exploit this vulnerability to cause ...

CVSS: 5 · AI score: 5.1 · EPSS: 0.006
Exploits: 1 · Affected Software: 1
The Coalfire Blog
added 2022/06/08 5:41 p.m. · 12 views

Security as a differentiator: How to market the secure customer experience

Leveraging software development lifecycle security as a go-to-market differentiator is imperative in setting companies apart from competitors. As Coalfire's Cloud Advisory Board and my colleague Gail Coury eloquently pointed out in our recent Securealities Report, Smartest Path to DevSecOps...

AI score: 1.5
Exploits: 0
RedHat Linux
added 2022/06/08 12:27 p.m. · 1 views

OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

CVSS: 5.3 · AI score: 7.4 · EPSS: 0.02651
Exploits: 0 · References: 4
RedhatCVE
added 2022/06/07 2:28 a.m. · 41 views

CVE-2021-4231

A flaw was found in the angular/core package. Affected versions of this package are vulnerable to cross-site scripting (XSS) in development, with server-side rendering (SSR) enabled...

CVSS: 5.4 · AI score: 2.9 · EPSS: 0.01053
Exploits: 0 · References: 3
CVE
added 2022/06/06 7:30 p.m. · 63 views

CVE-2022-24896

CVE-2022-24896 affects Tuleap versions prior to 13.7.99.239. The vulnerability stems from improper authorization checks when displaying content in the Tracker Report Renderer and Chart widgets, allowing an attacker to disclose the name of trackers and the fields used in reports. Impact is informa...

CVSS: 4.3 · AI score: 4.5 · EPSS: 0.00726
Exploits: 0 · References: 4 · Affected Software: 1