189 matches found
GHSA-GWHV-J974-6FXM MikroORM is vulnerable to SQL Injection via specially crafted object
Summary MikroORM versions = 6.6.9 and = 7.0.5 are vulnerable to SQL injection when specially crafted objects are interpreted as raw SQL query fragments. Impact If user-controlled input is passed directly to MikroORM query construction APIs, an attacker may inject raw SQL fragments. This can lead ...
CVE-2018-1000198
A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document...
CVE-2018-1000190
A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...
CVE-2025-0504
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
EUVD-2025-198515
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
CVE-2025-0504
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
CVE-2025-0504
CVE-2025-0504 affects Black Duck SCA versions prior to 2025.10.0. The root cause is an overly broad configuration of user role permissions: a scoped Project Manager with Global User Read access could access Project Administrator functionalities that should be inaccessible. Consequence: potential ...
CVE-2025-0504 Black Duck SCA Project Privilege Escalation
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
CVE-2025-0504 Black Duck SCA Project Privilege Escalation
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
PT-2025-47803
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
Black Duck SCA 安全漏洞
Black Duck SCA is a software composition analysis tool from Black Duck USA. A security vulnerability exists in Black Duck SCA versions prior to 2025.10.0 that stems from an overly broad configuration of user role permissions, which could lead to unauthorized project configuration changes or acces...
EUVD-2025-117417
Malicious code in electrical-orange-duck npm...
EUVD-2025-117058
Malicious code in straight-blush-duck npm...
MAL-2025-138685 Malicious code in electrical-orange-duck (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d44d82b614e64e0f96c58167da3c1f3037dac79370f7c384d319bdf588caa485 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-101970
Malicious code in suspiciousduckz3n npm...
EUVD-2025-99751
Malicious code in diverseduckz3n npm...
EUVD-2025-102981
Malicious code in probableduckz3n npm...
EUVD-2025-106632
Malicious code in amusedduckz3n npm...
MAL-2025-118685 Malicious code in amused_duck_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28f5ff3abbef3f397f941417cc0c53b3fde2584cba9d0efebf184702e1bab300 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-95874
Malicious code in outerduckz3n npm...