36 matches found
EUVD-2025-140097
Malicious code in miusan-nab-munst npm...
EUVD-2020-3850
Malware in sbrugna...
Malicious code in @zalastax/nolb-_nab (npm)
The package @zalastax/nolb-nab was found to contain malicious code...
MAL-2025-10249 Malicious code in @zalastax/nolb-_nab (npm)
The package @zalastax/nolb-nab was found to contain malicious code...
nab-dairy.ir Cross Site Scripting vulnerability OBB-3571259
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious Package
Overview nab-chat-widget is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...
Malicious code in nab-chat-widget (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3282e7d700011745064925e0748cac1ec1b476b97086e633a6c18a9fcc04bf2a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4779 Malicious code in nab-chat-widget (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3282e7d700011745064925e0748cac1ec1b476b97086e633a6c18a9fcc04bf2a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Telstra Telecom Suffers Data Breach Potentially Exposing Employee Information
Australia's largest telecommunications company Telstra disclosed that it was the victim of a data breach through a third-party, nearly two weeks after Optus reported a breach of its own. "There has been no breach of Telstra's systems," Narelle Devine, the company's chief information security...
Malicious code in nab-trade (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b35f87df361ee9e2e6d87ce932e38aa60d208ed3c875641685778a8a82d10635 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-447 Malicious code in @nab-trade/mnt-prod (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b85a717dd942a99927d88b18c4be4c0103949e7a22901db0ce38f4b0827e5c78 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @nab-trade/mnt-prod (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b85a717dd942a99927d88b18c4be4c0103949e7a22901db0ce38f4b0827e5c78 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4781 Malicious code in nab-trade (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b35f87df361ee9e2e6d87ce932e38aa60d208ed3c875641685778a8a82d10635 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in nab-packages-react-utils-nab (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8120362995adcf1dfb405249ecc06115b8f7bd48d9d3a2e81c3b601830d66c9e Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
CVE-2020-11497
An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary bank transaction ID during the payment-details entry step...
CVE-2020-11497
An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary bank transaction ID during the payment-details entry step...
Authentication flaw
An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary bank transaction ID during the payment-details entry step...
CVE-2020-11497
An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary bank transaction ID during the payment-details entry step...
CVE-2020-11497
The CVE-2020-11497 entry concerns the WordPress WooCommerce NAB Transact plugin (version 2.1.0). A payment bypass vulnerability exists because the plugin does not validate the origin of payment processor status requests, allowing an attacker to mark orders as fully paid by issuing a crafted GET r...
WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass Vulnerability
Exploit for php platform in category web applications Title: Payment bypass Product: WordPress NAB Transact WooCommerce Plugin Vendor Homepage: https://woocommerce.com/products/nab-transact-direct-post/ Vulnerable Version: 2.1.0 Fixed Version: 2.1.2 CVE Number: CVE-2020-11497 Author: Jack Misiura...