8 matches found
com.foxinmy:easemob4j (>=1.1.0 <=1.1.3), com.foxinmy:umeng4j (>=1.1.0 <=1.1.3) +13 more potentially affected by CVE-2026-24819 via com.foxinmy:weixin4j-base (>=1.0 <=1.9.1)
com.foxinmy:weixin4j-base MAVEN version =1.0, =1.1.0, =1.1.0, =1.9.0, =1.4, =1.0, =1.9.0, =1.4, =1.0, =1.8.0, =1.0.9-RELEASE, =0.0.2, =0.0.3 - org.oxerr:spring-security-wechat-samples-helloworld =0.0.1 Source cves: CVE-2026-24819 Source advisory: SNYK:JAVA-COMFOXINMY-15128702...
MAL-2024-10559 Malicious code in embrace-helloworld (npm)
Source: ghsa-malware 27c1c70726566294b9958ec5ab9d3af0e2d5e1c3dc9451f07055c6b650bfbd50 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in embrace-helloworld (npm)
Source: ghsa-malware 27c1c70726566294b9958ec5ab9d3af0e2d5e1c3dc9451f07055c6b650bfbd50 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
elf-rss (>=2.5.0 <=2.5.4), gocqapi (>=0.1.3 <=0.1.4) +59 more potentially affected by CVE-2024-21624 via nonebot2 (>=2.0.0a16 <=2.1.3)
nonebot2 PYPI version =2.0.0a16, =2.5.0, =0.1.3, =1.2.0a0, =0.1.0, =0.1.0, =0.1.0, =0.3.4, =0.5.2, =2.0.0, =2.1.0 and more Source cves: CVE-2024-21624 Source advisory: OSV:GHSA-59J8-776V-XXXG...
@abacus-network/helloworld (>=0.2.1-alpha <=0.2.1-beta2), @alt-research/orbit-sdk-avail (>=0.9.1 <=0.9.11) +108 more potentially affected by CVE-2022-35961 via @openzeppelin/contracts-upgradeable (>=4.2.0 <=4.7.0)
@openzeppelin/contracts-upgradeable NPM version =4.2.0, =0.2.1-alpha, =0.9.1, =0.19.0-beta.0, =0.1.0-alpha, =0.24.2, =1.0.0, =0.6.0, =1.1.4-migration-beta.0, =1.0.0-beta.0, =1.0.0-upstream-0.19.0, =1.4.0, =1.5.0-beta.0 and more Source cves: CVE-2022-35961 Source advisory: OSV:GHSA-4H98-2769-GH6H...
GitLab: Use of Ruby Forwardable module and runtime meta-programming may introduce vulnerabilities
I was digging through the gitlab-foss repository and noticed an interesting pattern that seems to be adopted in a few places: the use of Forwardable with meta-programming over delegators, explicit attr_reader methods or method_missing. Heads up: the arbitrary file read vulnerability I demonstrate in...
helloworld.it XSS vulnerability
Open Bug Bounty ID: OBB-459711. Affected Website: helloworld.it. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
Chilkat Crypt - ActiveX Arbitrary File Creation/Execution
Chilkat Crypt Activex Component Arbitrary File Creation/Execution. url: http://www.chilkatsoft.com File: ChilkatCrypt2.dll CLSID: 3352B5B9-82E8-4FFD-9EB1-1A3E60056904 ProgID: ChilkatCrypt2.ChilkatCrypt2.1 Descr.: Chilkat...