1622 matches found
Malicious Package
Overview wagmi-example is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
be.cylab.mark:client (>=0.0.20 <=2.6.0), be.cylab.mark:core (>=0.0.20 <=2.6.0) +3 more potentially affected by CVE-2022-38749 via be.cylab:snakeyaml (=1.25.1)
be.cylab:snakeyaml MAVEN version =1.25.1 is affected by a known vulnerability. The following packages have a transitive dependency on be.cylab:snakeyaml and may be impacted: - be.cylab.mark:client =0.0.20, =0.0.20, =1.3.1, =0.0.22, =0.0.20, =2.3.0 Source cves: CVE-2022-38749 Source advisory:...
Hyundai Uses Example Keys for Encryption System
This is a dumb crypto mistake I had not previously encountered: A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle's manufacturer had secured its system using keys that were not only publicly known but had been lifted from...
Internet Bug Bounty: CVE-2022-38362: Apache Airflow Docker Provider <3.0 RCE vulnerability in example dag
Apache Airflow Docker's Provider shipped with an example DAG that was vulnerable to authenticated remote code exploit of code on the Airflow worker host. Vulnerability summary: In DAG script of airflow 2.3.3, there is a command injection vulnerability RCE in the script exampledockercopydata.py of...
CVE-2022-38362
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to authenticated remote code exploit of code on the Airflow worker host...
CVE-2022-38362 Docker Provider <3.0 RCE vulnerability in example dag
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to authenticated remote code exploit of code on the Airflow worker host...
CVE-2022-38362
CVE-2022-38362 affects the Apache Airflow Docker provider prior to 3.0.0. The issue stems from an example DAG shipped with the provider and is exploitable via authenticated remote code execution on the Airflow worker host, involving a BashOperator call and a template-controlled parameter (source_...
Exploit for CVE-2022-30190
Five Nights at Follina's A Fullstack Academy Cybersecurity pro...
WordPress SeatReg 1.23.0 Open Redirect
Exploit Title: WordPress Plugin ‘SeatReg’ - Unauthenticated Open Redirect Date: 01-08-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/seatreg/ Version: 1.23.0 Tested on: Firefox Contact me: [email protected] Description: An Open Redirection...
This Week in Spring - July 26th, 2022
Aloha, Spring fans! I'm on vacation, reporting to you from the paradise-like island of Maui, Hawaii, and hoping that you're having a wonderful day! My family and I love Hawaii. It's brimming with beauty and serenity, and while the island of Maui, in the state of Hawaii, is very small, the islands ar...
Woo Discount Rules < 2.4.2 - Reflected Cross-Site Scripting
The plugin does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=woodiscountrules&name="+style=animation-name:rotation+onanimationstart=alert/XSS///...
Apache Tomcat 9.0.30 < 9.0.65 Cross-Site Scripting
The version of Apache Tomcat installed on the remote host is 8.5.50 to 8.5.81, 9.0.30 to 9.0.64, 10.0.0-M1 to 10.0.22 or 10.1.0-M1 to 10.1.0-M16. It is, therefore, affected by a Cross-Site Scripting XSS vulnerability. The Form authentication example in the examples web application displayed user...
Malicious Package
Overview example-data-fetching is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious Package
Overview example-rust is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview example-typescript is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious Package
Overview example-api-routes is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious Package
Overview example-google-analytics is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious Package
Overview react-swipeable-wrapper-example is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable i...