7 matches found
MAL-2026-2965 Malicious code in build-metadata-logger (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 be01b550f3d8914aa6bd8659c9a410054e4e0bf9203d33e93478eb444e957b55 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Russian State-Backed 'Infamous Chisel' Android Malware Targets Ukrainian Military
Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military. The malicious software, dubbed Infamous Chisel and attributed to a Russian...
Malicious code in lalalaopti (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 92031dd23356e3a0c484288f4488d15166db6251a4872ec009c6222eafce041d Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...
BMC Remedy ITSM-Suite 9.1.10 / 20.02 HTML Injection Vulnerability
======================================================================= title: HTML Injection product: BMC Remedy ITSM-Suite vulnerable version: 9.1.10 = 20.02 in new versioning scheme fixed version: 22.1 CVE number: CVE-2022-26088 impact: Low homepage:...
BMC Remedy ITSM-Suite 9.1.10 / 20.02 HTML Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: HTML Injection product: BMC Remedy ITSM-Suite vulnerable version: 9.1.10 = 20.02 in new versioning scheme fixed version: 22.1 CVE number: CVE-2022-26088 impact: Low...
CVE-2021-28022
Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...
GHSA-CR67-78JR-J94P Local File Inclusion in domokeeper
All versions of domokeeper are vulnerable to Local File Inclusion. The /plugin/ route passes a GET parameter unsanitized to a require call. It then returns the output of require in the server response. This may allow attackers to load unintended code in the application. It also allows attackers t...