Lucene search
16 matches found

OSSF Malicious Packages
added 2026/05/28 12:0 a.m. | 6 views

Malicious code in @cloudplatform-single-spa/ml-inference-docker-run (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8 AI score
Exploits: 0 | References: 1

OSV
added 2026/05/28 12:0 a.m. | 4 views

MAL-2026-4867 Malicious code in @car-loans/deal-aff (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

5.8 AI score
Exploits: 0 | References: 1

Veracode
added 2026/03/21 5:23 a.m. | 5 views

Cross-Site Scripting (XSS)

PySpector is vulnerable to stored Cross-Site Scripting (XSS). The vulnerability is due to the HTML report generator inserting code snippets without sanitization, where the scanned Python file's JavaScript payload is interpolated into the report and an attacker can trigger execution by opening the...

6.1 CVSS | 6.2 AI score | 0.00017 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2026/01/23 4:47 p.m. | 26 views

CVE-2021-47881 dataSIMS Avionics ARINC 664-1 - Local Buffer Overflow

dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to overwrite memory by manipulating the milstd1553result.txt file. Attackers can craft a malicious file with carefully constructed payload and alignment sections to potentially execute...

8.4 CVSS | 0.00026 EPSS
Exploits: 0 | References: 4

OSSF Malicious Packages
added 2025/11/12 4:47 p.m. | 2 views

Malicious code in lookingan-konami53 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f70b3f7f383333b3a5b035d7b3344fb85aab81af4ddaeac03946ec987e1d955 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0

EUVD
added 2025/10/08 1:55 p.m. | 2 views

EUVD-2025-33167

Stored cross-site scripting (XSS) vulnerability in diagram type products in Commerce in Liferay Portal 7.4.3.18 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 18 through update 92 allows remote attackers to inject arbitrary web script or...

4.8 CVSS | 4.9 AI score | 0.00031 EPSS
Exploits: 0 | References: 2

Exploit DB
added 2025/04/15 12:0 a.m. | 305 views

Spring Boot common-user-management 0.1 - Remote Code Execution (RCE)

Exploit Title: Unrestricted File Upload Google Dork: Date: 14/Nov/2024 Exploit Author: d3sca Vendor Homepage: https://github.com/OsamaTaher/Java-springboot-codebase Software Link: https://github.com/OsamaTaher/Java-springboot-codebase Version: app version 0.1 Tested on: Debian Linux CVE :...

8.7 CVSS | 6.8 AI score | 0.07457 EPSS
Exploits: 3

The Hacker News
added 2024/08/30 6:12 a.m. | 44 views

Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns

Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining on susceptible instances. "The attacks involve threat actors that employ methods such as the deployment of shel...

10 CVSS | 9.6 AI score | 0.94354 EPSS
Exploits: 31

Prion
added 2023/09/05 3:15 p.m. | 24 views

Design/Logic Flaw

There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known...

6.5 CVSS | 8.6 AI score | 0.00199 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

SUSE CVE
added 2023/02/15 3:55 a.m. | 1 views

SUSE CVE-2020-19860

When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload...

4.4 CVSS | 6.7 AI score | 0.00366 EPSS
Exploits: 1 | References: 5

Prion
added 2022/01/21 2:15 p.m. | 17 views

Heap overflow

When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload...

4.3 CVSS | 6.4 AI score | 0.00366 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2022/01/21 1:40 p.m. | 13 views

CVE-2020-19860

When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload...

6.8 AI score | 0.00366 EPSS
Exploits: 1 | References: 2

CNNVD
added 2022/01/21 12:0 a.m. | 2 views

NLnet Labs ldns Buffer Error Vulnerability

NLnet Labs ldns is a DNS library from the NLnet Labs Nlnet Labs Foundation in the Netherlands that facilitates the programming of DNS tools. A security vulnerability exists in Nlnet Labs ldns that stems from a heap out-of-bounds read vulnerability in the ldns_rr_new_frm_str_internal function when...

6.5 CVSS | 7.5 AI score | 0.00366 EPSS
Exploits: 1 | References: 8

ATTACKERKB
added 2018/09/28 8:29 p.m. | 3 views

CVE-2018-9081

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting (self-XSS). As a result, adversaries can add files to shares accessible from the Content...

4.7 CVSS | 4.5 AI score | 0.00301 EPSS
Exploits: 0 | References: 2 | Affected Software: 3

Metasploit
added 2011/06/29 1:26 a.m. | 35 views

Custom Payload

Use custom string or file as payload. Set either PAYLOADFILE or PAYLOADSTR. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 0 include Msf::Payload::Single include...

7.5 AI score
Exploits: 0

Packet Storm
added 2010/06/24 12:0 a.m. | 71 views

JBoss JMX Console Beanshell Deployer WAR Upload And Deployment

$Id: jboss_bshdeployer.rb 9596 2010-06-23 22:25:03Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

5 CVSS | 0.2 AI score | 0.92431 EPSS
Exploits: 28