MAL-2024-946 Malicious code in dragon7-dc-vulntest (npm)
Source: ossf-package-analysis 7fbbb2c388456ad9304f06570c8ddd459764422103836f0fac928c631d96cfec The OpenSSF Package Analysis project identified 'dragon7-dc-vulntest' @ 6.6.6 npm as malicious. It is considered malicious because: - The packag...
Cross site scripting
Label Studio is a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as an HTML file on the website. Executing arbitrary...
MAL-2024-136 Malicious code in librct (npm)
Source: ghsa-malware e1f5f02ff35835e34a22c3e1381a0888b755d52334e14e61160dff3b9ec4e08b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Design/Logic Flaw
An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v323.05 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-23347
Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the application...
Security Bulletin: Vulnerabilities in PostgreSQL, Golang might affect IBM Spectrum Copy Data Management
Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in PostgreSQL and Golang Go. Vulnerabilities include causing a denial of service condition, sending a specially crafted request to launch further attacks against the affected system, and executing arbitrary code on the...
Cross site scripting
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...
Malicious code in test-devoxx (npm)
Source: ossf-package-analysis 94d087127b055251bef2c40e4c884c82c7f4e39f4631fa5995116fb9b1d65f4f The OpenSSF Package Analysis project identified 'test-devoxx' @ 0.0.2 npm as malicious. It is considered malicious because: - The package...
CVE-2022-2585
It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free...
Malicious code in enchantv (PyPI)
Source: kam193 f578b605e73b68aae8c1d8a9bd3f55b810839b2bccd720bccc7f887c2e0046c8 Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. --- Category: PROBABLYPENTEST -...
[SECURITY] [DSA 5585-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5585-1 [email protected] https://www.debian.org/security/ Andres Salomon December 21, 2023 https://www.debian.org/security/faq -...
CVE-2020-17485
A Remote Code Execution vulnerability exists in all versions of Uffizio's GPS Tracker. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources...
CE Phoenix 1.0.8.20 Remote Code Execution
Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix EXPLOIT : import requests from bs4 import BeautifulSoup import sys impor...
MAL-2023-8555 Malicious code in otnet-ory-network-tests (npm)
Source: ghsa-malware 19a9ebfed32ec491b007a6c7e65f8ebae68d0acc3175b56442fa67e25fc916fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8440 Malicious code in mux-meet-nextjs (npm)
Source: ossf-package-analysis a7f1d733a701939944e87966e022ec92915cd460d6293ee215e0e838ce752e77 The OpenSSF Package Analysis project identified 'mux-meet-nextjs' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in xterm-addon-clipboard (npm)
Source: ossf-package-analysis 5cf6d3796e2698ca788f0833376dcbd11460b764506f5ffb63bdd8e71262113e The OpenSSF Package Analysis project identified 'xterm-addon-clipboard' @ 6.0.7 npm as malicious. It is considered malicious because: - The...
CVE-2016-1203
Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 Build427 and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being downloaded...
HTTP/2 rapid reset can cause excessive work in net/http
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
MAL-2023-8256 Malicious code in zenfi-sdk (npm)
Source: ossf-package-analysis 9a75914f8d0929ed48294224224fab435793f654258889e4435c268b34d2ac4c The OpenSSF Package Analysis project identified 'zenfi-sdk' @ 1.5.2 npm as malicious. It is considered malicious because: - The package...
MAL-2023-8227 Malicious code in nequi-aws-kms (npm)
Source: ossf-package-analysis f31f502dc3ccd6a55cacb7aaeb1c7e6d18a66345ca5b79b21809095bcf232fa7 The OpenSSF Package Analysis project identified 'nequi-aws-kms' @ 0.1.6 npm as malicious. It is considered malicious because: - The package...