2036 matches found
Deserialization of untrusted data
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis 5.9.0.395. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized objects provided to the EventCoordinator endpoint...
Malicious Package in m-backdoor
All versions of m-backdoor contain malicious code. The package downloads a file from a remote server and executes it as a preinstall script. At the time of the release of this advisory the downloaded file only defaces websites by removing elements randomly from the DOM. Recommendation Remove the...
CVE-2020-0806
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0772...
CVE-2019-19728
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges...
OpenEMR Code Injection Vulnerability
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A code injection vulnerability exists in OpenEMR, which can be exploited by an...
WordPress gregs-high-performance-seo plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. gregs-high-performance-seo is an SEO (Search Engine Optimization) plugin used in it. A cross-site scripting vulnerability exists in the...
Malicious Package
calrd is a malicious package. The package contains malicious code that executes in the browser, steals sensitive information such as password, cvc, cardnumber fields from forms and sends it to https://js-metrics.com/minjs.php?pl=...
Malicious Package
next-util is a malicious package. The package uploads system information to a remote server, downloads a file and executes it...
Malicious Package
midway-dataproxy is a malicious package. The package uploads system information to a remote server, downloads a file and executes it...
Malicious Package
cicada-render is a malicious package. The package uploads system information to a remote server, downloads a file and executes it...
Malicious Package
hsf-clients is a malicious package. The package uploads system information to a remote server, downloads a file and executes it...
Malicious Package
diamond-clien is a malicious package. The package uploads system information to a remote server, downloads a file and executes it...
Malicious Package
appx-compiler is a malicious package. The package uploads system information to a remote server, downloads a file and executes it...
Malicious Package
tiar is a malicious package. The package uploads system information to a remote server, downloads a file and executes it...
Malicious Package
secureidentityloginmodule is a malicious package. The package uploads system information to a remote server, downloads a file and executes it...
Malicious Package
qingting is a malicious package. The package uploads system information to a remote server, downloads a file and executes it...
IBM Connections Cross-Site Scripting Vulnerability (CNVD-2019-19316)
IBM Connections is a suite of social software platforms from IBM USA. The platform provides advanced analytics and real-time data monitoring capabilities and can accelerate web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting vulnerability...
Malicious Package
rrgod is a malicious package designed to run arbitrary scripts when installed. All versions of this package are considered malicious and must not be used. The package downloads a malicious file and executes the contents after installation...
GHSA-PHG2-9C5G-M4Q7 Remote Code Execution in spark-core
In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute co...
CVE-2018-14928
/contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter...