Lucene search
K

33 matches found

OSV
OSV
added 2025/11/11 7:31 a.m.1 views

MAL-2025-101124 Malicious code in cruel_marmot_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d93a91aa3d7308fec7e03a4ac11c999e5a2a415c1b501f127a436b0efdcba017 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Cvelist
Cvelist
added 2024/07/31 7:37 p.m.32 views

CVE-2024-41660 slpd-lite unauthenticated memory corruption

slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory overflow issues within the slpd-lite daemon o...

9.8CVSS0.00856EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/07/03 7:5 a.m.43 views

FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks

The loader-as-a-service LaaS known as FakeBat has become one of the most widespread loader malware families distributed using the drive-by download technique this year, findings from Sekoia reveal. "FakeBat primarily aims to download and execute the next-stage payload, such as IcedID, Lumma,...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/01 12:44 p.m.32 views

Indian Software Firm's Products Hacked to Spread Data-Stealing Malware

Installers for three different software products developed by an Indian company named Conceptworld have been trojanized to distribute information-stealing malware. The installers correspond to Notezilla, RecentX, and Copywhiz, according to cybersecurity firm Rapid7, which discovered the supply...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/04/23 10:45 a.m.27 views

Police Chiefs Call for Solutions to Access Encrypted Data in Serious Crime Cases

European Police Chiefs said that the complementary partnership between law enforcement agencies and the technology industry is at risk due to end-to-end encryption E2EE. They called on the industry and governments to take urgent action to ensure public safety across social media platforms. "Priva...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2024/03/26 4:54 p.m.34 views

Sketchy NuGet Package Likely Linked to Industrial Espionage Targets Developers

Threat hunters have identified a suspicious package in the NuGet package manager that's likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing. The package in question is SqzrFramework480, which...

7.4AI score
Exploits0
OSV
OSV
added 2024/03/06 11:12 a.m.18 views

BIT-MEDIAWIKI-2021-31552

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for user accounts to be created while blocking only the IP address used to create an account and not...

5.5CVSS5.6AI score0.00576EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:11 a.m.15 views

BIT-MEDIAWIKI-2021-31554

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked...

5.5CVSS5.6AI score0.00491EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:11 a.m.10 views

BIT-MEDIAWIKI-2021-36126

An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. This would result in a...

9.8CVSS9.4AI score0.01201EPSS
Exploits1References3
Prion
Prion
added 2023/11/10 7:15 a.m.21 views

Default credentials

Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL...

7.5CVSS8.8AI score0.01414EPSS
Exploits1References2Affected Software2
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/27 2:42 a.m.5 views

Malicious code in selfpongminehacked (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 9c2060b33a5ebf65217d50cd8da507fad2a4b9de41e5ac2ae25e9ad0a6211b63 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7AI score
Exploits0References1
Cvelist
Cvelist
added 2022/01/05 10:55 a.m.29 views

CVE-2021-22567 Bidirectional Override in Dart SDK

Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a progra...

4.6CVSS5.1AI score0.00599EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/09/15 12:0 a.m.15 views

Huawei EulerOS: Security Advisory for spamassassin (EulerOS-SA-2021-2450)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.9AI score0.06132EPSS
Exploits0References2
OSV
OSV
added 2021/07/02 1:15 p.m.17 views

CVE-2021-36126

An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. This would result in a...

9.8CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2021/05/18 3:30 p.m.25 views

GHSA-6QFG-8799-R575 Kubernetes kubectl cp Vulnerable to Symlink Attack

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be...

5.7CVSS5.9AI score0.0262EPSS
Exploits0References4
OSV
OSV
added 2021/04/22 3:15 a.m.17 views

CVE-2021-31554

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked...

5.4CVSS6.8AI score
Exploits0References2
Prion
Prion
added 2021/04/22 3:15 a.m.21 views

Code injection

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked...

5.5CVSS5.5AI score0.00491EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2021/03/24 12:0 a.m.16 views

Huawei EulerOS: Security Advisory for spamassassin (EulerOS-SA-2021-1706)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS7.3AI score0.00871EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/03/24 12:0 a.m.60 views

EulerOS 2.0 SP5 : spamassassin (EulerOS-SA-2021-1706)

According to the version of the spamassassin package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this,...

7.2CVSS6.8AI score0.00871EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2021/03/19 2:52 p.m.33 views

CopperStealer Malware Targets Facebook and Instagram Business Accounts

A malware that until now has gone undocumented has been quietly hijacking online accounts of advertisers and users of Facebook, Apple, Amazon, Google and other web giants since July 2019 and then using them for nefarious activity, researchers have found. Dubbed CopperStealer, the malware acts...

7AI score
Exploits0References7
Rows per page
Query Builder