Lucene search

15122 matches found

OSSF Malicious Packages
added 2024/12/14 11:48 a.m., 4 views

Malicious code in graphql.vscode-graphql-syntax (npm)

Source: ossf-package-analysis a0d28da17294cea5d68bf358dd4576cf98bbc3d373b4add618e2c56ab5c18358. The OpenSSF Package Analysis project identified 'graphql.vscode-graphql-syntax' @ 99.99.99 npm as malicious. It is considered malicious because:...

AI score 7.1
Exploits: 0

CVE
added 2024/12/13 12:49 a.m., 65 views

CVE-2024-9508

CVE-2024-9508 affects Horner Automation Cscape. The vulnerability is a memory corruption issue in CSP file parsing that could allow an attacker to disclose information and execute arbitrary code. According to the sources, exploitation is local with low attack complexity and user interaction requi...

CVSS 8.5, AI score 7.8, EPSS 0.00084
Exploits: 0, References: 2

Tenable Nessus
added 2024/12/13 12:0 a.m., 10 views

Liferay Portal 7.4.0 < 7.4.3.104 CSRF

The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA t... Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through...

CVSS 8.8, AI score 5.6, EPSS 0.02193
Exploits: 0, References: 2

Tenable Nessus
added 2024/12/13 12:0 a.m., 16 views

Liferay Portal 7.3.2 < 7.4.3.108 CSRF

Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to (1) change user passwords, (2)...

CVSS 8.8, AI score 6, EPSS 0.03261
Exploits: 0, References: 2

Tenable Nessus
added 2024/12/11 12:0 a.m., 18 views

openSUSE 15 Security Update : radare2 (openSUSE-SU-2024:0396-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2024:0396-1 advisory. Update to version 5.9.8: - CVE-2024-29645: buffer overflow vulnerability allows an attacker to execute arbitrary code via the parsedie function boo123406...

CVSS 7.8, AI score 6.5, EPSS 0.00076
Exploits: 0, References: 4

CVE
added 2024/12/10 7:35 a.m., 55 views

CVE-2024-28138

Summary of CVE-2024-28138: An unauthenticated attacker with network access to the affected device’s web interface can execute arbitrary system commands via the image processing script (msg_events.php / msg events.php) because the HTTP GET parameter data is not properly sanitized. This allows com...

CVSS 7.3, AI score 7, EPSS 0.01023
Exploits: 0, References: 3

Cvelist
added 2024/12/09 3:9 p.m., 17 views

CVE-2023-7298 Out-of-Bounds Write Vulnerability in Autodesk Desktop Software

A maliciously crafted FBX file, when parsed through Autodesk FBX SDK, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

CVSS 4.4, EPSS 0.00229
Exploits: 0, References: 1

CVE
added 2024/12/09 3:9 p.m., 47 views

CVE-2023-7298

CVE-2023-7298 concerns Autodesk FBX SDK. A crafted FBX file can trigger an Out-of-Bounds Write in the FBX parser, enabling an attacker to crash the process, corrupt data, or potentially execute arbitrary code in the affected product. Documented impacts include crash, data integrity risks, and remo...

CVSS 8.8, AI score 7.5, EPSS 0.00229
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2024/12/09 12:0 a.m., 12 views

CVE-2024-54919

A Stored Cross-Site Scripting (XSS) vulnerability was found in /teacheravatar.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript via the filename parameter...

AI score 7.1, EPSS 0.00193
Exploits: 1, References: 1

CVE
added 2024/12/09 12:0 a.m., 56 views

CVE-2024-54935

CVE-2024-54935 describes a Stored Cross-Site Scripting (XSS) in the Kashipara E-learning Management System v1.0. The vulnerability is in /send_message_teacher_to_student.php and is exploitable via the my_message parameter, enabling remote attackers to inject and execute arbitrary scripts. Impact ...

CVSS 5.4, AI score 5.9, EPSS 0.0034
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2024/12/09 12:0 a.m., 16 views

CVE-2024-54936

A Stored Cross-Site Scripting (XSS) vulnerability was found in /sendmessage.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...

EPSS 0.00357
Exploits: 1, References: 1

CVE
added 2024/12/07 11:9 a.m., 54 views

CVE-2024-11501

CVE-2024-11501 concerns the WordPress Gallery plugin (versions

CVSS 8.8, AI score 8.8, EPSS 0.00931
Exploits: 0, References: 2

Cvelist
added 2024/12/07 9:27 a.m., 20 views

CVE-2024-11010 FileOrganizer <= 1.1.4 - Authenticated (Administrator+) Local JavaScript File Inclusion

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.1.4 via the 'defaultlang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, ...

CVSS 7.2, EPSS 0.00402
Exploits: 0, References: 4

NVD
added 2024/12/05 11:15 p.m., 11 views

CVE-2024-30963

Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via a crafted script...

CVSS 7.8, EPSS 0.00292
Exploits: 0, References: 2

Vulnrichment
added 2024/12/05 9:41 a.m., 8 views

CVE-2024-52564

Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or...

CVSS 7.5, AI score 7.3, EPSS 0.00138
Exploits: 0, References: 2

Cvelist
added 2024/12/05 9:40 a.m., 26 views

CVE-2024-47133

UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands...

CVSS 7.2, EPSS 0.00639
Exploits: 0, References: 2

Cvelist
added 2024/12/05 12:0 a.m., 17 views

CVE-2024-30963

Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via a crafted script...

EPSS 0.00292
Exploits: 0, References: 2

Vulnrichment
added 2024/12/05 12:0 a.m., 8 views

CVE-2024-37860

Buffer Overflow vulnerability in Open Robotic Operating System 2 (ROS2) navigation2- ROS2-humble && navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2amcl process...

AI score 7.5, EPSS 0.00406
Exploits: 0, References: 4

Vulnrichment
added 2024/12/05 12:0 a.m., 15 views

CVE-2024-30961

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2btnavigator...

AI score 7.8, EPSS 0.00171
Exploits: 1, References: 3

CVE
added 2024/12/05 12:0 a.m., 63 views

CVE-2024-30961

CVE-2024-30961 affects Open Robotics ROS2 Navigation2 (navigation2-humble and related nav2_bt_navigator). The vulnerability is described as an insecure permissions issue that enables a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator. CVSS data indicate...

CVSS 7.8, AI score 7.6, EPSS 0.00171
Exploits: 1, References: 3, Affected Software: 1