2734 matches found
MAL-2025-1292 Malicious code in kraken-main (npm)
This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware de0bd6b283379718c5cc7051d586532589854100e79e3837ef82ba7ccbd61ace Any computer that has this package install...
Malicious code in tokocrypto-main (npm)
This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 669fb8f29120a04d7fb997d7f18b5243d5b90b46b614e108e35658c93a0a5e83 Any computer that has this package install...
MAL-2025-1288 Malicious code in tokocrypto-main (npm)
This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 669fb8f29120a04d7fb997d7f18b5243d5b90b46b614e108e35658c93a0a5e83 Any computer that has this package install...
Malicious code in xt-main (npm)
This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4620b4c964cef23c75cd0562eabb2ff4b07f79eaf1dc268af62da2dcf99ee307 Any computer that has this package install...
MAL-2025-1284 Malicious code in xt-main (npm)
This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4620b4c964cef23c75cd0562eabb2ff4b07f79eaf1dc268af62da2dcf99ee307 Any computer that has this package install...
MAL-2025-1279 Malicious code in probit-main (npm)
This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b90c84ef211f2f9ce83ee001f131dc0beaf0a6c6bf8667374fb9f14e54ae6fe3 Any computer that has this package install...
Malicious code in probit-main (npm)
This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b90c84ef211f2f9ce83ee001f131dc0beaf0a6c6bf8667374fb9f14e54ae6fe3 Any computer that has this package install...
MAL-2025-1274 Malicious code in toobit-main (npm)
This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbef733acdf5215bfdef9bb31af40ec7e1bd2fb0cab3167cf10876e9020e971e Any computer that has this package install...
The vulnerability of the ScadaServer/ScadaServer/ScadaServerEngine/MainLogic.cs file in the SCADA system for developing automation control systems. This vulnerability allows a perpetrator to compromise the integrity of protected information.
The vulnerability of the ScadaServer/ScadaServer/ScadaServerEngine/MainLogic.cs file in SCADA systems for the development of automation systems is related to weak password requirements. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of protected informatio...
The vulnerability of the hnap_main function in the D-LINK GO-RT-AC750 router’s software allows a hacker to execute arbitrary commands.
The vulnerability of the hnap_main function in the D-LINK GO-RT-AC750 router’s firmware is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary comman...
PT-2025-3194 · Zulip · Zulip Server
Name of the Vulnerable Software and Affected Versions: Zulip Server versions 7.0 through 9.3 Description: The issue concerns an information disclosure attack where an unauthenticated user can determine if an email address is in use by a user on a Zulip server hosting multiple organizations. There...
The vulnerability of the hnap_main() function in D-LINK DIR-806 wireless router software allows a hacker to execute arbitrary commands, gain unauthorized access to protected information, or cause service failures.
The vulnerability of the hnap_main function in D-LINK DIR-806 wireless routers is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely, gain unauthorized...
GHSA-CWQ6-MJMX-47P6 XWiki's scheduler in subwiki allows scheduling operations for any main wiki user
Impact Any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document Scheduler.WebHome in a subwiki. Then, click on any operation e.g., Trigger on any job. If the operation is successful...
XWiki's scheduler in subwiki allows scheduling operations for any main wiki user
Impact Any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document Scheduler.WebHome in a subwiki. Then, click on any operation e.g., Trigger on any job. If the operation is successful...
CVE-2024-55876 XWiki's scheduler in subwiki allows scheduling operations for any main wiki user
XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document...
PT-2024-36595 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 1.2-milestone-2 through 15.10.8 XWiki Platform versions 1.2-milestone-2 through 16.2.x Description: The issue allows any user with an account on the main wiki to run scheduling operations on subwikis. To reproduce, a...
path-to-regexp: Backtracking regular expressions cause ReDoS
A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, po...
Malicious code in my-main-manager (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ac004ff76ebc011d60ae86c56b7f57ddb6ac0d24ff0ddd9ad777319775f79282 While the package appears to be a manager for Windows service, the linked executable is an infostealer with capabilities like cookie stealing and keylogger. Th...
CVE-2017-13319
In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-36248
CVE-2024-36248 affects Sharp MFPs and related devices, where API keys for cloud services are hardcoded in the main binary. This root cause can enable exposure or misuse of cloud credentials by anyone gaining access to the device, potentially allowing unauthorized external access or data exposure ...