1634 matches found
CVE-2022-38362 Docker Provider <3.0 RCE vulnerability in example dag
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to authenticated remote code exploit of code on the Airflow worker host...
Exploit for CVE-2022-30190
Five Nights at Follina's A Fullstack Academy Cybersecurity pro...
WordPress SeatReg 1.23.0 Open Redirect
Exploit Title: WordPress Plugin ‘SeatReg’ - Unauthenticated Open Redirect Date: 01-08-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/seatreg/ Version: 1.23.0 Tested on: Firefox Description: An Open Redirection...
This Week in Spring - July 26th, 2022
Aloha, Spring fans! I'm on vacation, reporting to you from the paradise-like island of Maui, Hawaii, and hoping that you're having a wonderful day! My family and I love Hawaii. It's brimming with beauty and serenity, and while the island of Maui, in the state of Hawaii, is very small, the islands ar...
Woo Discount Rules < 2.4.2 - Reflected Cross-Site Scripting
The plugin does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=woodiscountrules&name="+style=animation-name:rotation+onanimationstart=alert/XSS///...
Apache Tomcat 9.0.30 < 9.0.65 Cross-Site Scripting
The version of Apache Tomcat installed on the remote host is 8.5.50 to 8.5.81, 9.0.30 to 9.0.64, 10.0.0-M1 to 10.0.22 or 10.1.0-M1 to 10.1.0-M16. It is, therefore, affected by a Cross-Site Scripting (XSS) vulnerability. The Form authentication example in the examples web application displayed user...
Malicious Package
Overview: example-data-fetching is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious Package
Overview: example-typescript is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious Package
Overview: example-rust is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview: example-google-analytics is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious Package
Overview: example-api-routes is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious Package
Overview: react-swipeable-wrapper-example is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable i...
Malicious code in nodejs-docs-samples-iot-mqtt-example (npm)
Source: ghsa-malware 8a02c1e75441fabe4bcc6557ef33ce2bba5bdb671f2147161ddf0d05a90809ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fetchr-simple-example (npm)
Source: ghsa-malware 00c55fe8ab94290b13b577dde8ad8db6827bd0592b5d1ad48785168d04e39714 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3015 Malicious code in fetchr-simple-example (npm)
Source: ghsa-malware 00c55fe8ab94290b13b577dde8ad8db6827bd0592b5d1ad48785168d04e39714 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in conjure-receipe-example-app (npm)
Source: ghsa-malware dc11915a916778452b6763c69c17c41c18485b0a60c687985bb7c5b677882e0b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2153 Malicious code in conjure-receipe-example-app (npm)
Source: ghsa-malware dc11915a916778452b6763c69c17c41c18485b0a60c687985bb7c5b677882e0b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4435 Malicious code in lyft-node-sdk-example (npm)
Source: ghsa-malware b3fca88a5e88f640bd29c31780f0abe26a1265da8ebbb498b9d8017de5250fef Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in monday-example-app-word-cloud (npm)
Source: ghsa-malware 4b3c3fffedb87defe8c507e9f81253886a350cf6996c70a678032c6a597cc6fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...