
61 matches found

Snyk
added 2025/11/24 4:24 p.m., 3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8 CVSS, 6.8 AI score
Exploits 0, References 3
Github Security Blog
added 2024/10/18 6:40 p.m., 14 views

Permissive Regular Expression in tacquito

Impact The CVE is for a software vulnerability. Network admins who have deployed tacquito or versions of tacquito in their production environments and use tacquito to perform command authorization for network devices should be impacted. Tacquito code prior to commit...

9.8 CVSS, 7.5 AI score, 0.00442 EPSS
Exploits 0, References 5, Affected Software 1
OSV
added 2024/10/18 6:40 p.m., 10 views

GHSA-P5WF-CMR4-XRWR Permissive Regular Expression in tacquito

Impact The CVE is for a software vulnerability. Network admins who have deployed tacquito or versions of tacquito in their production environments and use tacquito to perform command authorization for network devices should be impacted. Tacquito code prior to commit...

7.6 CVSS, 9.7 AI score, 0.00442 EPSS
Exploits 0, References 5
GithubExploit
added 2024/03/29 5:3 p.m., 556 views

Exploit for Embedded Malicious Code in Tukaani Xz

CVE-2024-3094-info - CVE-2024-3094 PoC Exploration https://gi...

10 CVSS, 10 AI score, 0.85974 EPSS
Exploits 40
OSV
added 2023/03/29 6:31 p.m., 38 views

GHSA-7J98-H7FP-4VWJ smarty Cross-site Scripting vulnerability in Javascript escaping

Impact An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the...

7.1 CVSS, 7 AI score, 0.01016 EPSS
Exploits 0, References 9
GithubExploit
added 2023/02/26 7:8 a.m., 244 views

Exploit for Improper Initialization in Linux Linux_Kernel

!Dirty Pipehttps://forum.hackersploit.org/uploads/default/ori...

7.8 CVSS, 7.4 AI score, 0.88106 EPSS
Exploits 100
Metasploit
added 2023/02/15 7:51 p.m., 692 views

GitLab GitHub Repo Import Deserialization RCE

An authenticated user can import a repository from GitHub into GitLab. If a user attempts to import a repo from an attacker-controlled server, the server will reply with a Redis serialization protocol object in the nested default_branch. GitLab will cache this object and then deserialize it when...

9.9 CVSS, 9 AI score, 0.86194 EPSS
Exploits 5
OSV
added 2022/08/18 7:15 p.m., 16 views

GHSA-J3RV-W43Q-F9X2 React Editable Json Tree vulnerable to arbitrary code execution via function parsing

Impact Our library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, Javascript's eval function was used to execute strings that begin with "function" as Javascript. This was an oversight that unfortunately allows arbitrary code to be...

10 CVSS, 9.3 AI score, 0.01209 EPSS
Exploits 1, References 4
ATTACKERKB
added 2022/07/11 1:15 a.m., 3 views

CVE-2022-31508

The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

9.3 CVSS, 5.3 AI score, 0.01213 EPSS
Exploits 1, References 3
Cvelist
added 2022/07/11 12:53 a.m., 14 views

CVE-2022-31503

The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

9.6 AI score, 0.01284 EPSS
Exploits 1, References 3
Cvelist
added 2022/05/20 7:5 a.m., 34 views

CVE-2022-1754 Integer Overflow or Wraparound in polonel/trudesk

Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2...

8.4 CVSS, 6.8 AI score, 0.00977 EPSS
Exploits 1, References 2
Github Security Blog
added 2022/04/26 9:19 p.m., 79 views

Potential Captcha Validate Bypass in flask-session-captcha

Impact flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. The captcha.validate function would return None if passed no value e.g. by submitting a request with an empty form. If implementing users were checking th...

5.3 CVSS, 0.6 AI score, 0.01126 EPSS
Exploits 0, References 7, Affected Software 1
OSV
added 2022/01/09 2:46 a.m., 2 views

GSD-2022-1000007 colors.js 1.4.1 has an infinite loop added by the primary developer

colors.js had an infinite loop added by the primary developer in version 1.4.1 and 6.6.6 which was released on GitHub and NPM which reports it as having 3,179 dependent packages that rely upon it. Additionally the GitHub repo was wiped of all files. This appears to have been done intentionally in...

7.1 AI score
Exploits 0
OSV
added 2022/01/09 2:46 a.m., 17 views

GSD-2022-1000008 faker.js 6.6.6 is broken and the developer has wiped the original GitHub repo

faker.js had its version updated to 6.6.6 in NPM which reports it as having 2,571 dependent packages that rely upon it and the GitHub repo has been wiped of content. This appears to have been done intentionally as the repo only has a single commit so it was likely deleted, recreated and a singl...

7.2 AI score
Exploits 0
ThreatPost
added 2021/06/11 9:9 p.m., 208 views

Bugs Lurking in Cisco UC Provisioning Platform

The Akkadian Provisioning Manager, which is used as a third-party provisioning tool within Cisco Unified Communications environments, has three high-severity security vulnerabilities that can be chained together to enable remote code execution (RCE) with elevated privileges, researchers said. They...

10 CVSS, 7.8 AI score, 0.03023 EPSS
Exploits 3, References 5
Rapid7 Blog
added 2021/06/08 2:0 p.m., 109 views

Akkadian Provisioning Manager Multiple Vulnerabilities Disclosure (Fixed)

Over the course of routine security research, Rapid7 researchers discovered that the Akkadian Provisioning Manager version 4.50.18, a provisioning solution for a Cisco Unified Communications environment, has a trio of vulnerabilities, which, when combined, can lead to remote code execution on the...

1.6 AI score, 0.03023 EPSS
Exploits 3
Hacker One
added 2020/06/11 3:30 a.m., 133 views

h1-ctf: [H1-2006] CTF Writeup

H1-2006 CTF Writeup I am fairly new to CTFs - this is just my second CTF after H1-415 CTF, at which I didn't get far at all. I think the most valuable thing I can do for anyone who comes across this writeup, is to describe exactly what I was thinking at each step along the way, including all my...

7 AI score
Exploits 0
Hacker One
added 2020/06/07 7:6 p.m., 118 views

h1-ctf: [H1-2006 2020] CTF Writeup

Summary: Multiple Vulnerabilities leading to full account takeover and access to restricted functions 1. Information Disclosure 2. Login 2FA Bypass 3. SSRF 4. Hardcoded validation 5. Sensitive information disclosure 6. Privilege Escalation 7. Payments 2FA Bypass through SSRF Steps To Reproduce: 0...

7.7 AI score
Exploits 0
Hacker One
added 2020/04/24 10:54 p.m., 22 views

Shopify: CircleCI token in github repo allows for access to sensitive build information

While looking through some Shopify Github repos I came across the following CircleCI token: ca84774a88598f639b174d498c219163e04adbb2 in the js-buy-sdk repo. curl https://circleci.com/api/v1.1/me?circle-token=ca84774a88598f639b174d498c219163e04adbb2 returns information about the user which confirm...

6.6 AI score
Exploits 0
Hacker One
added 2018/12/12 7:9 p.m., 97 views

Paragon Initiative Enterprises: Github repo's wiki publicly editable

Hello Team, Primablock Github repo's wiki page is publicly editable. This enables an attacker to edit the wiki pages of the affected repos. Adding content that may link to malicious code libraries that would be installed and used by developers or information that may mislead users. Links:...

0.5 AI score
Exploits 0