Malicious code in @loybung/inject (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2360caebc7c178c732c57b8da900d7e303a05b8a498693b6f6449abad8fbb19 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in pipreqs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94775693df8241bc82973cceb421a0a3263d044d7a810c724173c0b4ada361bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in node-loggers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4d3ceb026e94d925a50747700634d96a0e709e7c3882dac41638f6578a9e7228 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine

Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling "PathWiper". The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the...

CVE-2024-3509

A stored cross-site scripting XSS vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative...

Important: Red Hat Security Advisory: RHODF-4.16-RHEL-9 security update

Updated images are now available for RHODF-4.16-RHEL-9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

CVE-2024-3509 Stored Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products via Rich Text Editor

A stored cross-site scripting XSS vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative...

CVE-2024-3509 Stored Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products via Rich Text Editor

A stored cross-site scripting XSS vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative...

Malicious code in firefox-screenshots (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7d3138a26b7ea5f91361ed825aad5e3dc068f6b6655b68dd357565767f5ed968 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-45879

The file upload function in the "QWKalkulation" tool of baltic-it TOPqw Webportal v1.35.287.1 fixed in version 1.35.291, in /Apps/TOPqw/QWKalkulation/QWKalkulation.aspx, is vulnerable to Cross-Site Scripting XSS. To exploit the persistent XSS vulnerability, an attacker has to be authenticated to...

CVE-2024-45177

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper input validation, the C-MOR web interface is vulnerable to persistent cross-site scripting XSS attacks. It was found out that the camera configuration is vulnerable to a persistent cross-site...

CVE-2024-40893

Multiple authenticated operating system OS command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy BTLE interface can use the network configuration service to inject commands in various...

CVE-2024-31314

In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-26456

Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code...

CVE-2023-30968

One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting XSS vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack...

CVE-2023-30452

The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluence allows persistent XSS when saving a Mind Map with the hyperlink parameter...

CVE-2023-30453

The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter...

CVE-2023-25810

Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability...

CVE-2023-25811

Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma name parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability...

CVE-2023-23773

Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent impla...