Malicious code in ricos-editor-with-plugins (npm)
Source: ghsa-malware 9aa4fc05d5690e1531b5c6ded8da6d238b6f9dc653ed7abd654f5159e697dc20 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5792 Malicious code in ricos-editor-with-plugins (npm)
Source: ghsa-malware 9aa4fc05d5690e1531b5c6ded8da6d238b6f9dc653ed7abd654f5159e697dc20 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5794 Malicious code in ricos-viewer-with-plugins (npm)
Source: ghsa-malware 04e88819999c0d345307d6463d7b8df1f10b2bfe74e24e06c8fca6397f247d19 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in rcv-with-media-plugins (npm)
Source: ghsa-malware b87bcd5714bceeaac4632e986592400170fa242770fd2f93acac611c3a15726f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5615 Malicious code in rcv-with-media-plugins (npm)
Source: ghsa-malware b87bcd5714bceeaac4632e986592400170fa242770fd2f93acac611c3a15726f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in plugin-plugins (npm)
Source: ghsa-malware 5e9672c1d10cc9e8ae7d898f3b96987d487c768b9ddbcecb7159af7cf1697f3a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5369 Malicious code in plugin-plugins (npm)
Source: ghsa-malware 5e9672c1d10cc9e8ae7d898f3b96987d487c768b9ddbcecb7159af7cf1697f3a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pages-plugins (npm)
Source: ghsa-malware dfe3d4394aecb07bd6acf8c1e4b1bad280125dda893323a1029ce6a468600546 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5190 Malicious code in pages-plugins (npm)
Source: ghsa-malware dfe3d4394aecb07bd6acf8c1e4b1bad280125dda893323a1029ce6a468600546 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cross site request forgery (csrf)
The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugintoolbarcomparte page. This makes it possible for unauthenticated attackers to update the plugin's settings and inject...
Jenkins plugins Multiple Vulnerabilities (2022-02-15)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Multiple Pipeline-related plugins that perform on-controller SCM checkouts reuse the same workspace directory for checkouts of distinct SCM...
CVE-2022-31393
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php...
The Cybersecurity CIA Triad: What You Need to Know as a WordPress Site Owner
One of the core concepts of cybersecurity is known as the CIA Triad. There are three pillars to the triad, with each pillar being designed to address an aspect of securing data. These three pillars are Confidentiality, Integrity, and Availability. The Confidentiality pillar is intended to prevent...
YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites
As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, out of which 3,685 plugins were sold on legitimate marketplaces, netting the attackers $41,500 in illegal revenues. The findings come from a new tool called YODA that aims to detect rogue WordPress plugins and trac...
EulerOS 2.0 SP3 : gstreamer-plugins-bad-free (EulerOS-SA-2022-1727)
According to the versions of the gstreamer-plugins-bad-free package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an...
EulerOS 2.0 SP3 : gstreamer1-plugins-bad-free (EulerOS-SA-2022-1726)
According to the versions of the gstreamer1-plugins-bad-free package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an...
Huawei EulerOS: Security Advisory for gstreamer-plugins-bad-free (EulerOS-SA-2022-1727)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for gstreamer1-plugins-bad-free (EulerOS-SA-2022-1726)
The remote host is missing an update for the Huawei EulerOS...
com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=4.0.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=4.0.0 <=4.5.0) +38 more potentially affected by CVE-2021-20328 via org.mongodb:mongodb-driver-legacy (>=3.12.0 <=3.12.7)
org.mongodb:mongodb-driver-legacy MAVEN version =3.12.0, =4.0.0, =4.0.0, =4.0.0, =4.0.1, =4.4.1 - com.github.rinoto.mongo:migramongo-core =1.4 - com.github.rinoto.mongo:migramongo-reflections =1.4 - com.github.rinoto.mongo:migramongo-spring =1.4 - com.github.rinoto.mongo:migramongo-spring-web =1....