15122 matches found
MAL-2024-10283 Malicious code in autoadv (npm)
The package contains code to download and execute an infostealer payload...
MAL-2024-10297 Malicious code in upgrade-roblox (npm)
The package contains code to download and execute an infostealer payload...
MAL-2024-10288 Malicious code in inject.dll (npm)
The package contains code to download and execute an infostealer payload...
MAL-2024-10294 Malicious code in robloxbootstrapper (npm)
The package contains code to download and execute an infostealer payload...
MAL-2024-10289 Malicious code in node-dlls (npm)
The package contains code to download and execute an infostealer payload...
CVE-2024-48112
A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code...
CVE-2024-51257
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function...
CVE-2024-51300
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the getrrd function...
CVE-2024-9489
CVE-2024-9489 involves Autodesk AutoCAD where parsing a malicious DWG file in ACAD.exe can trigger a memory corruption vulnerability. The description and related sources indicate possible outcomes include a crash, reading/writing sensitive data, or arbitrary code execution within the process cont...
Autodesk AutoCAD Security Vulnerability
Autodesk AutoCAD is a suite of professional 3D drawing software from Autodesk, Inc. in the United States. Autodesk AutoCAD suffers from a buffer error vulnerability that originates when a maliciously crafted DWG file is parsed, which may force an out-of-bounds write to occur, which can be exploit...
Autodesk AutoCAD Security Vulnerability
Autodesk AutoCAD is a set of professional 3D drawing software from the American Autodesk Corporation. A security vulnerability exists in Autodesk AutoCAD, which can be exploited by an attacker to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
Autodesk AutoCAD Security Vulnerability
Autodesk AutoCAD is a set of professional 3D drawing software from the American Autodesk Corporation. A security vulnerability exists in Autodesk AutoCAD, which can be exploited by an attacker to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
Autodesk AutoCAD Security Vulnerability
Autodesk AutoCAD is a set of professional 3D drawing software from the American Autodesk Corporation. A security vulnerability exists in Autodesk AutoCAD, which can be exploited by an attacker to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
CycloneDX cdxgen may execute code contained within build-related files
CycloneDX cdxgen prior to 11.1.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation,...
Unspecified Vulnerability in Mitel MiCollab
Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A security vulnerability exists in Mitel MiCollab, which can be exploited by remote attackers to elevate privileges and execute arbitrary comman...
Malicious code in oneui.angular (npm)
Source: ossf-package-analysis bbff39f683b1b6c064ebc065aae50d8fd4123b1b53b7f90bed51db2d19562a6e The OpenSSF Package Analysis project identified 'oneui.angular' @ 99.99.99 npm as malicious. It is considered malicious because: - The package...
CVE-2024-48235
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file...
CVE-2024-48654
Cross Site Scripting vulnerability in Blood Bank v.1 allows a remote attacker to execute arbitrary code via a crafted script to the login.php component...
CVE-2024-48204
SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script...
CVE-2024-48579
SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request...