7648 matches found
Malicious code in as-ui-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a907d0f630e8178cb7ba1215d44dac15d4d698d71e40733cb66932ff43419de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Leaving non-persistent virtual machines of the provisioning scheme at the hypervisor is not allowed.
Unable to delete orphaned VMs by using PowerShell from a catalog which has already been removed via PowerShell. When running the command Remove-ProvScheme, the below error is seen: "Leaving the non-persistent virtual machines of the provisioning scheme 'provisioning scheme name' at the hypervisor is no...
ghost-as-middleware (=1.0.0), ghost-blade (=0.1.0) +3 more potentially affected by CVE-2023-40028 via ghost (>=0.11.14 <=1.26.2)
ghost NPM version =0.11.14, =0.1.7, =0.1.10 - persistent-ghost =0.8.2 - sign-alex =1.0.1 Source cves: CVE-2023-40028 Source advisory: OSV:GHSA-9C9V-W225-V5RG...
Malicious code in tianfengqwe (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6f7db121452a5fc346f93dedc863aa336e3aaa04145c00616f4e237f003f93f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Researchers Uncover Years-Long Cyber Espionage on Foreign Embassies in Belarus
A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus. "Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the...
Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization
Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue to progress their attacks in these environments, not by exploiting vulnerabilities, but by abusing native Microsoft functionality ...
Moderate: Red Hat Security Advisory: VolSync 0.6.3 security fixes and enhancements
VolSync v0.6.3 security fixes and enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Moderate: Red Hat Security Advisory: VolSync 0.5.4 security fixes and enhancements
VolSync v0.5.4 security fixes and enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Hackers Abusing Cloudflare Tunnels for Covert Communications
New research has revealed that threat actors are abusing Cloudflare Tunnels to establish covert communication channels from compromised hosts and retain persistent access. "Cloudflared is functionally very similar to ngrok," Nic Finn, a senior threat intelligence analyst at GuidePoint Security,...
Cross site scripting
A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user's session and perform other attacks...
CVE-2023-37499
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks...
CVE-2023-37500
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user's session and perform other attacks...
Cross site scripting
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks...
Cross site scripting
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user's session and perform other attacks...
CVE-2023-37501 A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Campaign
A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user's session and perform other attacks...
CVE-2023-37501
The CVE-2023-37501 entry describes a persistent XSS vulnerability in a field of Unica Campaign. Affected product: HCL Unica Campaign (field-level XSS). Root cause: improper sanitization in a specific input field allows injecting script that can hijack user sessions and enable further attacks. Exp...
CVE-2023-37499 A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Platform
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks...
PT-2023-25998 · Unknown · Unica Campaign
Name of the Vulnerable Software and Affected Versions: Unica Campaign affected versions not specified Description: A Persistent XSS issue can be exploited in a certain field, allowing an attacker to hijack a user's session and perform other attacks. Recommendations: At the moment, there is no...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.1 security and bug fix update
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.13.1 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) bas...
CVE-2023-39016
bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument...