MAL-2025-12517 Malicious code in @zalastax/nolb-ngp (npm)

The package @zalastax/nolb-ngp was found to contain malicious code...

Malicious code in @zalastax/nolb-ngp (npm)

The package @zalastax/nolb-ngp was found to contain malicious code...

Medtronic NGP 600 Series 安全漏洞

The Medtronic NGP 600 Series is a line of insulin pumps and accessories from Medtronic, Inc. A security vulnerability exists in Medtronic NGP 600 Series version 2.4, which originates from the exploitation of wireless signals that require proximity to the patient and the device. The following...

CISA Releases Eight industrial Control Systems Advisories

CISA has released eight 8 Industrial Control Systems ICS advisories on September 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories...

ngp-ua.info Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1171855 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

ngp-ua.info XSS vulnerability

Open Bug Bounty ID: OBB-601368 Description| Value ---|--- Affected Website:| ngp-ua.info Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Design/Logic Flaw

An administration page in the NGP COO/CWP Integration crmngp module 6.x before 6.x-1.12 for Drupal does not perform the expected access control, which allows remote attackers to read log information via unspecified vectors...

CVE-2009-3920

An administration page in the NGP COO/CWP Integration crmngp module 6.x before 6.x-1.12 for Drupal does not perform the expected access control, which allows remote attackers to read log information via unspecified vectors...

CVE-2009-3919

Cross-site scripting XSS vulnerability in the NGP COO/CWP Integration crmngp module 6.x before 6.x-1.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied information."...

CVE-2009-3919

Cross-site scripting XSS vulnerability in the NGP COO/CWP Integration crmngp module 6.x before 6.x-1.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied information."...

CVE-2009-3919

CVE-2009-3919 affects Drupal’s NGP COO/CWP Integration (crmngp) 6.x up to 6.x-1.12. It is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unspecified user-supplied information. Remediation: upgrade to 6.x-1.12 or apply the officia...

CVE-2009-3920

An administration page in the NGP COO/CWP Integration crmngp module 6.x before 6.x-1.12 for Drupal does not perform the expected access control, which allows remote attackers to read log information via unspecified vectors...

CVE-2009-3920

The CVE-2009-3920 affects the Drupal NGP COO/CWP Integration (crmngp) module for 6.x, specifically versions prior to 6.x-1.12. The root cause is insufficient access control on an administration page, which allows remote attackers to read log information through unspecified vectors. Exploitation d...

SA-CONTRIB-2009-094 - NGP COO/CWP Integration (crmngp) - Multiple Vulnerabilities

The NGP COO/CWP Integration module provides Drupal integration with the NGP Software API for efficient campaign management. An administration page did not properly implement access control thereby allowing untrusted users to view module log information. User-supplied information was not filtered ...