Lucene search
K

22 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added last week9 views

Malicious code in next-locomotive-init (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a11400eaa7dd74b24610ec815438de047089be7005b94c37717fa2b6f916ab6 The package's declared postinstall script reads the installer's OS username via os.userInfo.username and the machine hostname via os.hostname, compos...

6.2AI score
Exploits0References5
OSV
OSV
added 2026/07/02 12:0 a.m.6 views

MAL-2026-6772 Malicious code in @marketfront/customdealsfeed (npm)

The @marketfront/customdealsfeed package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 12:0 a.m.6 views

Malicious code in @marketfront/captchaservice (npm)

The @marketfront/captchaservice package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 12:0 a.m.7 views

Malicious code in @marketfront/navbar (npm)

The @marketfront/navbar package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/07/02 12:0 a.m.4 views

MAL-2026-6773 Malicious code in @marketfront/designsystemdevtool (npm)

The @marketfront/designsystemdevtool package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/07/02 12:0 a.m.8 views

MAL-2026-6783 Malicious code in @marketfront/infopopup (npm)

The @marketfront/infopopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/02 12:0 a.m.5 views

MAL-2026-6781 Malicious code in @marketfront/gotoauthpopup (npm)

The @marketfront/gotoauthpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6AI score
Exploits0References2
OSV
OSV
added 2026/04/30 9:3 p.m.14 views

GHSA-85X2-R8XV-WW8C Kirby CMS's `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API

TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to access or list pages or files pages.access, pages.list, files.access or files.list permission is disabled. This can be due to configuration in the user blueprints, via options in the model...

7.1CVSS5.7AI score0.00303EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/30 9:3 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization inconsistent permission checks for pages.access, pages.list, files.access, and files.list in the Panel and REST API. An attacker can gain unauthorized access to content or sensitive information by exploiting...

7.1CVSS5.8AI score0.00303EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/30 9:3 p.m.10 views

Kirby CMS's `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API

TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to access or list pages or files pages.access, pages.list, files.access or files.list permission is disabled. This can be due to configuration in the user blueprints, via options in the model...

7.1CVSS5.3AI score0.00303EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/10 9:16 p.m.7 views

CVE-2021-47729

Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'fileslist' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/getfile.php with crafted payload to execute arbitrary scripts in victim's...

5.1CVSS6.3AI score0.00253EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/09 9:31 p.m.5 views

EUVD-2021-34741

Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'fileslist' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/getfile.php with crafted payload to execute arbitrary scripts in victim's...

5.1CVSS5.8AI score0.00253EPSS
Exploits1References6
NVD
NVD
added 2025/12/09 9:15 p.m.9 views

CVE-2021-47729

Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'fileslist' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/getfile.php with crafted payload to execute arbitrary scripts in victim's...

5.4CVSS0.00253EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/09 8:45 p.m.22 views

CVE-2021-47729 Selea Targa IP Camera Stored Cross-Site Scripting via Files List

Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'fileslist' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/getfile.php with crafted payload to execute arbitrary scripts in victim's...

5.1CVSS0.00253EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/09 8:45 p.m.3 views

CVE-2021-47729 Selea Targa IP Camera Stored Cross-Site Scripting via Files List

Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'fileslist' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/getfile.php with crafted payload to execute arbitrary scripts in victim's...

5.1CVSS5.9AI score0.00253EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.5 views

Selea Targa IP OCR-ANPR Camera 跨站脚本漏洞

Selea Targa IP OCR-ANPR Camera is an IP camera from Selea. A cross-site scripting vulnerability exists in the Selea Targa IP OCR-ANPR Camera that stems from a stored cross-site scripting issue with the fileslist parameter, which could lead to the execution of arbitrary script...

5.4CVSS6.1AI score0.00253EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-50248

Name of the Vulnerable Software and Affected Versions Selea Targa IP OCR-ANPR Camera affected versions not specified Description The Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting issue in the files list parameter. This allows attackers to inject malicious HTML and script...

5.1CVSS6AI score0.00253EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/23 3:0 a.m.6 views

CVE-2023-1612

A vulnerability, which was classified as critical, was found in Rebuild up to 3.2.3. This affects an unknown part of the file /files/list-file. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It...

9.8CVSS7.8AI score0.00744EPSS
Exploits1References1
OSV
OSV
added 2025/04/25 3:15 a.m.7 views

CVE-2025-46546

In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll,...

8.8CVSS5.8AI score0.00346EPSS
Exploits0References4
OSV
OSV
added 2020/12/23 4:15 p.m.7 views

CVE-2020-29551

An issue was discovered in URVE Build 24.03.2020. Using the internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: internal/pc/abort.php, internal/pc/restart.php, internal/pc/vpro.php, internal/pc/wake.php,...

9.1CVSS7.3AI score0.02834EPSS
Exploits2References4
Rows per page
Query Builder