CVE-2022-31540

The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

MAL-2025-191403 Malicious code in prompt-eng-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50d13a939bff8534fbbcbd6ae07836fc1f121c90e239d09b6a76cd91e8e202c2 The package prompt-eng-server was found to contain malicious code. Source: google-open-source-security...

Malicious code in prompt-eng (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35ffadd9d8117a0735b89706cf5f82bd6ea30cf8e51c826efa41364bab2c362f The package prompt-eng was found to contain malicious code. Source: ghsa-malware d083c02cac026e95833622ff25f63998d1bf9eab18133d01efb0db5907a605f5 Any...

MAL-2025-190988 Malicious code in prompt-eng (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35ffadd9d8117a0735b89706cf5f82bd6ea30cf8e51c826efa41364bab2c362f The package prompt-eng was found to contain malicious code. Source: ghsa-malware d083c02cac026e95833622ff25f63998d1bf9eab18133d01efb0db5907a605f5 Any...

CVE-2025-9623

The Admin in English with Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the enableeng function. This makes it possible for unauthenticated attackers to modify administrator...

CVE-2025-9623

The Admin in English with Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the enableeng function. This makes it possible for unauthenticated attackers to modify administrator...

CVE-2025-9623

CVE-2025-9623 affects the WordPress plugin Admin in English with Switch . The vulnerability is a Cross-Site Request Forgery (CSRF) in all versions up to and including 1.1, caused by missing or incorrect nonce validation on the enable_eng function. This allows unauthenticated attackers to modify a...

Malicious code in frontend-eng-interview (npm)

The package frontend-eng-interview was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f09fffefe345d37955487a3e97f7811a5efdbd3449f11fbaac021e1d542b3793 Any computer that has this package installed or running should be considered full...

WordPress plugin Admin in English with Switch 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin Admin in...

Malicious code in eng-101-solutions-test (npm)

The package eng-101-solutions-test was found to contain malicious code...

MAL-2025-19653 Malicious code in eng-101-solutions-test (npm)

The package eng-101-solutions-test was found to contain malicious code...

Malicious code in @neednova/enterprise-eng (npm)

The package @neednova/enterprise-eng was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

Oracle Siebel Server (October 2022 CPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM component: Marketing XMLBeans. Supported versions that are affected a...

Malicious Package

Overview claudeai-eng is a malicious package. This package mimics a tool for working with Claude, silently exfiltrating data and compromising developer environments. Remediation Avoid using all malicious instances of the claudeai-eng package. References - Vulnerability Report Credit: Leonid...

Malicious code in eng-intern-assessment-react-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89b4034292e246b7a29d48d5132016c2ae8beb78c0b6a0794d515aa811e5cc59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

eng-tips.com Cross Site Scripting vulnerability OBB-3610999

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2022-20458

The logs of sensitive information PII or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey directly in logs, whic...

CVE-2022-22416

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force...

CVE-2022-31540

The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

hin-eng-preprocessing 路径遍历漏洞

hin-eng-preprocessing is an English parallel corpus of NMT by individual developers in KD, Belarus. It is used to enhance IITB Hindi. A security vulnerability exists in hin-eng-preprocessing version 2019-07-16 and earlier, which stems from an incorrect call to Flask's sendfile function resulting ...