Lucene search

1622 matches found

OSSF Malicious Packages
added 2024/10/17 12:36 a.m., 4 views

Malicious code in omise-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd9b3fdf30ee1fe797c8e5dae15567ab22d58f003ac1d570f2b6655af66dd5a8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 3
OSV
added 2024/10/17 12:36 a.m., 3 views

MAL-2024-9427 Malicious code in omise-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd9b3fdf30ee1fe797c8e5dae15567ab22d58f003ac1d570f2b6655af66dd5a8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 3
OSSF Malicious Packages
added 2024/10/16 12:59 p.m., 2 views

Malicious code in isomorphic-random-example (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0
OSV
added 2024/10/16 12:59 p.m., 3 views

MAL-2024-9673 Malicious code in isomorphic-random-example (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits 0
OSV
added 2024/10/16 12:51 p.m., 2 views

MAL-2024-9607 Malicious code in example-gtm (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits 0
OSSF Malicious Packages
added 2024/10/16 12:51 p.m., 3 views

Malicious code in example-gtm (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0
OSSF Malicious Packages
added 2024/10/09 5:6 a.m., 3 views

Malicious code in braintree_express_example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d099bf20fe3b1d17efadfd0e185e8a178edf635e5754d26c3710e5b99c2a1404 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1
RedhatCVE
added 2024/10/08 5:25 p.m., 22 views

CVE-2024-43485

A flaw was found in dotnet. In System.Text.Json, applications that deserialize input to a model with an ExtensionData property can be vulnerable to an algorithmic complexity attack, resulting in a denial of service. Mitigation Red Hat has investigated whether a possible mitigation exists for this...

7.5 CVSS, 7.3 AI score, 0.00738 EPSS
Exploits 0, References 4
GithubExploit
added 2024/09/30 4:18 p.m., 249 views

Exploit for Code Injection in Crushftp

EN GenCrushSSTIExploit is a PoC exploit tool targeting the...

10 CVSS, 8.3 AI score, 0.94426 EPSS
Exploits 22
OSSF Malicious Packages
added 2024/09/30 2:47 p.m., 3 views

Malicious code in arkose-vue2-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9008418a813522522804dfaf58f73128ae52ca85667b506962284ddbfc3141bf The OpenSSF Package Analysis project identified 'arkose-vue2-example' @ 1.0.0 npm as malicious. It is considered malicious because: - The packag...

7.1 AI score
Exploits 0
GithubExploit
added 2024/09/22 8:17 p.m., 673 views

Exploit for CVE-2024-8504

ViciDial Exploit Suite Author: Havok Project URL: Vi...

8.8 CVSS, 10 AI score, 0.93085 EPSS
Exploits 7
Github Security Blog
added 2024/09/10 3:53 p.m., 13 views

auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped

Summary Unescaped entity property enables Javascript injection. Details I think this is possible because %sourcelabel% in twig macro is not escaped. Therefore script tags can be inserted and are executed. PoC - clone example project https://github.com/DamienHarper/auditor-bundle-demo - create...

8.2 CVSS, 6.8 AI score, 0.00357 EPSS
Exploits 0, References 5, Affected Software 1
OSV
added 2024/09/10 7:4 a.m., 10 views

BIT-AIRFLOW-2024-45498 Apache Airflow: Command Injection in an example DAG

Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...

8.8 CVSS, 8.7 AI score, 0.01625 EPSS
Exploits 0, References 4
GithubExploit
added 2024/09/09 8:34 a.m., 610 views

Exploit for Missing Authorization in Sonaar Mp3_Audio_Player_For_Music,_Radio_&_Podcast

CVE-2024-7856 ★ CVE-2024-7856 Arbitrary File deletion PoC ★...

9.1 CVSS, 9.5 AI score, 0.76325 EPSS
Exploits 1
OSV
added 2024/09/07 8:15 a.m., 1 views

PYSEC-2024-266

Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...

8.8 CVSS, 6.1 AI score, 0.01625 EPSS
Exploits 0, References 3
Vulnrichment
added 2024/09/07 7:43 a.m., 22 views

CVE-2024-45498 Apache Airflow: Command Injection in an example DAG

Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...

7.2 AI score, 0.01625 EPSS
Exploits 0, References 2
CVE
added 2024/09/07 7:43 a.m., 286 views

CVE-2024-45498

CVE-2024-45498 concerns the Apache Airflow project. The vulnerability affects the example DAG named example_inlet_event_extra.py shipped with Airflow 2.10.0, where an authenticated attacker with only DAG-trigger permissions can execute arbitrary commands. Multiple sources (NVD, Red Hat, VERACODE,...

8.8 CVSS, 8.7 AI score, 0.01625 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2024/09/07 7:43 a.m., 26 views

CVE-2024-45498 Apache Airflow: Command Injection in an example DAG

Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...

0.01625 EPSS
Exploits 0, References 2
CNNVD
added 2024/09/07 12:0 a.m., 3 views

Apache Airflow Security Vulnerability

Apache Airflow is an open source platform for creating, managing and monitoring workflows from the Apache USA Foundation. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow version 2.10.0, which stems from mishandling in the...

8.8 CVSS, 6.9 AI score, 0.01625 EPSS
Exploits 0, References 3
Positive Technologies
added 2024/09/06 12:0 a.m., 2 views

PT-2024-31664 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow version 2.10.0 Description: The issue allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. This is related to the example DAG example_inlet_event_extra.py shipped with Apache Airflow...

8.8 CVSS, 7.2 AI score, 0.01625 EPSS
Exploits 0, References 16