1622 matches found
MAL-2024-1842 Malicious code in browserstack-docker-example (npm)
--- -= Per source details. Do not edit below this line.=-...
Exploit for Deserialization of Untrusted Data in Apache Activemq
Technical Summary of the Attack: CVE-2023-46604 The script exploits a...
PT-2024-40322 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: silverstripe/framework affected versions not specified Description: The issue concerns an XSS vulnerability in the Page name of silverstripe/framework. It can be triggered by a payload such as ", which results in an XSS alert. Recommendations...
UBUNTU-CVE-2024-34507
An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges%1b0000000...
Exploit for Improper Input Validation in Paloaltonetworks Pan-Os
CVE-2024-3400-pot Simple honeypot for CVE-2024-3400 Palo Alto...
org.apache.hugegraph:hugegraph-dist (=1.0.0), org.apache.hugegraph:hugegraph-example (=1.0.0) +1 more potentially affected by CVE-2024-27349 via org.apache.hugegraph:hugegraph-api (>=1.0.0 <=1.2.0)
org.apache.hugegraph:hugegraph-api MAVEN version =1.0.0, =1.0.0, =1.2.0 Source cves: CVE-2024-27349 Source advisory: OSV:GHSA-6MGP-P75R-VHJM...
Exploit for Deserialization of Untrusted Data in Torrentpier
CVE-2024-1651 This CVE was discovered by Carlos Bello from the...
GDBFuzz - Fuzzing Embedded Systems Using Hardware Breakpoints
This is the companion code for the paper: 'Fuzzing Embedded Systems using Debugger Interfaces'. A preprint of the paper can be found here https://publications.cispa.saarland/3950/. The code allows the users to reproduce and extend the results reported in the paper. Please cite the above paper whe...
BIT-AIRFLOW-2020-11978
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...
BIT-AIRFLOW-2022-40127 Apache Airflow <2.4.0 has an RCE in a bash example
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided runid parameter. This issue affects Apache Airflow versions prior to 2.4.0...
CVE-2024-0864 RCE in Laragon
Enabling the Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via improper input validation in a fileupload.php file which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned...
com.bitbreeds.webrtc:webrtc-example (=0.2.5), com.bitbreeds.webrtc:webrtc-signaling (=0.2.5) +504 more potentially affected by CVE-2024-22371 via org.apache.camel:camel-core (>=3.0.0 <=3.21.3)
org.apache.camel:camel-core MAVEN version =3.0.0, =3.0.0-M1, =3.11.0, =2.0.0, =2.0.0, =3.0.0, =2.3.0, =2.3.0, =2.3.0, =1.44.0-M1, =0.1.0, =0.1.1 and more Source cves: CVE-2024-22371 Source advisory: OSV:GHSA-QPXM-689R-3849...
Exploit for Injection in Atlassian Confluence_Data_Center
Atlassian Confluence CVE-2023-22527 Scanner 🛡️ Overview 🌟...
Exploit for Improper Input Validation in Atlassian Confluence_Data_Center
Exploit CVE-2023-22515 A simple bash script exploit for CV...
MAL-2024-1 Malicious code in squaredev-next-online-payments-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c12aadbc7b6d08bd4746e705c7507074eb759ac60f260bdf9a59cd85d966a45b The OpenSSF Package Analysis project identified 'squaredev-next-online-payments-example' @ 99.0.0 npm as malicious. It is considered malicious...
Malicious code in squaredev-next-online-payments-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c12aadbc7b6d08bd4746e705c7507074eb759ac60f260bdf9a59cd85d966a45b The OpenSSF Package Analysis project identified 'squaredev-next-online-payments-example' @ 99.0.0 npm as malicious. It is considered malicious...
Exploit for Code Injection in Sitecore Experience_Commerce
CVE-2023-35813 Exploit for CVE-2023-35813 example use:...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
Confluence Pre-Auth Remote Code Execution via OGNL Injection...
Malicious code in app-next-example-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8ca79ef64add6f7047e7d406bfa4128511f415f4e21c16722d1da3c6d4d14721 The OpenSSF Package Analysis project identified 'app-next-example-plugin' @ 3.3.3 npm as malicious. It is considered malicious because: - The...
Exploit for Files or Directories Accessible to External Parties in Apache Struts
CVE-2023-50164 A scanning utility and PoC for CVE-2023-50164...