7649 matches found
Malicious code in dow-load-the-idea-of-you-by-robinne-lee-on-audiobook-full-volumes- (npm)
Source: ghsa-malware 4655dddb557aca9471834ace6307c0d91fb43b7a462099e53022715193df82f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in dow-load-becoming-the-narcissists-nightmare-how-to-devalue-and-discard-the-narcissist-whil (npm)
Source: ghsa-malware 92cf782e425254e89048eca9c2e7b572c71ee3d117f3f3067078d5dbf33bbcdc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in the-self-taught-programmer-the-definitive-guide-to-programming-professionally-by-cory-althoff-on-kin (npm)
Source: ghsa-malware f8e8766974e7d3b55cae6c994c5db1430a00b75418500b55ce6336492915c633 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Microsoft Windows PE Parsing Integer Overflow Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
Malicious code in oj-mithril-packages (npm)
Source: ghsa-malware e5fee5d58e7e1464614f1aa017521ae6613da70897bbbc6ee11360593f419eca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mapi-js (npm)
Source: ghsa-malware 6c898d0a405d3dbdd1d8f7534d31152e30eb107a587e3b71d6ebb46116d22746 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Hackers Targeting Italian Corporate Banking Clients with New Web-Inject Toolkit DrIBAN
Italian corporate banking clients are the target of an ongoing financial fraud campaign that has been leveraging a new web-inject toolkit called drIBAN since at least 2019. "The main goal of drIBAN fraud operations is to infect Windows workstations inside corporate environments trying to alter...
ghost-as-middleware (=1.0.0), ghost-blade (=0.1.0) +3 more potentially affected by CVE-2023-32235 via ghost (>=0.11.14 <=1.26.2)
ghost NPM version =0.11.14, =0.1.7, =0.1.10 - persistent-ghost =0.8.2 - sign-alex =1.0.1 Source cves: CVE-2023-32235 Source advisory: OSV:GHSA-WF7X-FH6W-34R6...
Valve: Steam Deck Single Click Root Remote Code Execution
Vulnerability description not provided...
Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.9 security and bug fix update
The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
ghost-as-middleware (=1.0.0), ghost-blade (=0.1.0) +3 more potentially affected by CVE-2023-31133 via ghost (>=0.11.14 <=1.26.2)
ghost NPM version =0.11.14, =0.1.7, =0.1.10 - persistent-ghost =0.8.2 - sign-alex =1.0.1 Source cves: CVE-2023-31133 Source advisory: OSV:GHSA-R97Q-GHCH-82J9...
Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.7 Bug Fix and security update
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.11.7 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ba...
New Tomiris APT Group Targets Governments
Tomiris is a Russian-speaking advanced persistent threat (APT) group that has been active since at least 2021 and is known for its use of sophisticated tactics and tools, including zero-day exploits and...
Cross site scripting
Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars...
CVE-2023-31223
Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars...
CVE-2023-31223
Dradis pre-4.8.0 is affected by a persistent XSS vulnerability exploitable by authenticated author users through avatars. Root cause relates to avatar handling; impact involves potential corruption of the browser context (XSS) with access to data in that session. Resolution per multiple sources: ...
CVE-2023-21087
In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.12.2 Bug Fix and security update
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.2 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) bas...
Jenkins Plugin Azure Key Vault security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...