71 matches found
EUVD-2026-29384
An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...
Do Not Install the rsync Service
The rsync service can synchronize data between servers or between local drive partitions. However, information leakage risks exist because rsync uses non-encrypted transmission protocols. If the rsync service is enabled and data is transmitted between servers over the network, attackers can...
CVE-2024-42501
An authenticated Path Traversal vulnerability exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants...
Facebook Malvertising Campaign Spreads Malware via Fake Bitwarden
A Facebook malvertising campaign disguised as Bitwarden updates spreads malware, targeting business accounts. Users are tricked into installing...
CVE-2023-26691
CVE-2023-26691 affects CS-Cart MultiVendor 4.16.1. A Directory Traversal vulnerability in the add-on installation ZIP processing may allow remote code execution when installing a new add-on. Affected software: CS-Cart MultiVendor 4.16.1. Impact stated: remote arbitrary code execution via crafted ...
MAL-2024-7369 Malicious code in @zitterorg/repellendus-ducimus (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c107ede46e319fb0c1f9d0133b1cbe3e2d88caf4c286a24b84b913b5f0663ac6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-4058
Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
CVE-2024-31140
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools...
Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)
Exploit Title: Ruijie Reyee Wireless Router firmware version B11P204 - MITM Remote Code Execution RCE Date: April 15, 2023 Exploit Author: Mochammad Riyan Firmansyah of SecLab Indonesia Vendor Homepage: https://ruijienetworks.com Software Link:...
MAL-2023-528 Malicious code in insidious_chapter_2_free_in_hindi_full__hd (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 785f94c08bf5240b8f7677b0cd653c06681fa40d79952c9e0585fe50f91062f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2023-12984 · Onos · Onos
Name of the Vulnerable Software and Affected Versions: ONOS version 2.5.1 Description: An issue was discovered in ONOS where an intent with the same source and destination shows the INSTALLING state, indicating that its flow rules are installing. Improper handling of such an intent is misleading ...
MAL-2023-545 Malicious code in jutsulepb- (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27d5faa74f07d2b58c491831146ed413f13b93f8b88abd784e08926ea85e74b2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
TD Bank: Reflected XSS on marketsandresearch.td.com
Summary: Hi TD security team, there is a reflected XSS vulnerability at http://marketsandresearch.td.com. As you are most likely aware, XSS vulnerabilities can have significant security implications, including allowing an attacker to inject malicious JS code into the application, which is then...
Timescale TimescaleDB Access Control Error Vulnerability
Timescale TimescaleDB is an open source database software from Timescale, Inc. It is designed to make SQL scalable for time series data. An access control error vulnerability exists in Timescale TimescaleDB versions 2.8.0 through 2.9.2, which occurs when, during installation, TimescaleDB creates ...
MAL-2022-4345 Malicious code in loashpbick (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31a2cbf252af1dbd723caf5771efedbd1baf7c8240452d146de401c1329f48bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Msprobe - Finding All Things On-Prem Microsoft For Password Spraying And Enumeration
Finding all things on-prem Microsoft for password spraying and enumeration. The tool will use a list of common subdomains associated with your target apex domain to attempt to discover valid instances of on-prem Microsoft solutions. Screenshots of the tool in action are below: Installing Install...
MAL-2022-728 Malicious code in @wix-ui/editor-elements-design-systems (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e5c8d828f9016869c3426ca1f4d4aefe7d14e402feb469e95f1776f8c7b8a5ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-911 Malicious code in airbnb-geetest3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b808cd30e005ba1215664b345a8c60dcec5dc388e96743980d8da579646759f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7363 Malicious code in youtrack-exportable-work-items-widget (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9f6a061ddcc82ed6b2d87dfc85057460d0e69c829ef7a659fc7b01dfeb1fe17 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6002 Malicious code in selfservicedesk-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd15611b0620a0e4b4e70f19c0fe6058ebbeb8175955f1290498bb37da11a719 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...