676 matches found
Malicious code in fbjs-opensource (npm)
The package fbjs-opensource was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 2dac438ef7432e162ead36cdd4121d9b31b47eaa1eb4ce24c0e577655dc496a5 This package installs a dependency hosted on a custom domain that runs an...
TencentOS Server 2: virtuoso-opensource (TSSA-2025:0326)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0326 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
CVE-2024-0302
A vulnerability, which was classified as critical, has been found in fhs-opensource iparking 1.5.22.RELEASE. This issue affects some unknown processing of the file /vueLogin. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the...
CVE-2024-0301
A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. This vulnerability affects the function getData of the file src/main/java/com/xhb/pay/action/PayTempOrderAction.java. The manipulation leads to sql injection. The attack can be initiated remotely. The...
CVE-2023-27088
feiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java. Demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will...
CVE-2021-29326
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxIDToString function at /moddable/xs/sources/xsSymbol.c...
CVE-2021-29329
OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c...
CVE-2021-29328
OpenSource Moddable v10.5.0 was discovered to contain buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c...
CVE-2021-29324
OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/xs/sources/xsScript.c...
CVE-2021-29327
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxArrayBuffer function at /moddable/xs/sources/xsDataView.c...
CVE-2021-29323
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modules/network/wifi/esp/modwifi.c...
CVE-2019-15560
The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js...
MAL-2025-3704 Malicious code in opensource.ripple.com (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis db6640c2642fecbcd1114796262a8099bf2f0db6e5f020af28ce841c8f35e27a The OpenSSF Package Analysis project identified 'opensource.ripple.com' @ 1.0.1 npm as malicious. It is considered malicious because: - The...
Malicious code in opensource.ripple.com (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis db6640c2642fecbcd1114796262a8099bf2f0db6e5f020af28ce841c8f35e27a The OpenSSF Package Analysis project identified 'opensource.ripple.com' @ 1.0.1 npm as malicious. It is considered malicious because: - The...
Oracle Linux 7 : virtuoso-opensource (ELSA-2025-4039)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-4039 advisory. 1:6.1.6-7.0.1 - Back port fix for CVE-2024-57656 Orabug:37856848 Tenable has extracted the preceding description block directly from the Oracle Linux security...
RHSA-2025:4039 Red Hat Security Advisory: virtuoso-opensource security update
Bulletin has no description...
Important: Red Hat Security Advisory: virtuoso-opensource security update
An update for virtuoso-opensource is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
RHEL 7 : virtuoso-opensource (RHSA-2025:4039)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:4039 advisory. Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains...
The vulnerability of the itc_hash_compare component in the Virtuoso-OpenSource web application development platform allows an attacker to trigger a service failure.
The vulnerability of the itc_hash_compare component in the Virtuoso-opensource web application development platform is related to the improper elimination of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to cause a service failure by sending specially...
The vulnerability of the psiginfo component in the virtuoso-opensource web application development platform allows an attacker to trigger a service failure.
The vulnerability of the psiginfo component in the virtuoso-opensource web application development platform is related to improper elimination of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to cause a service failure by sending specially crafted SQL...