29 matches found
Malicious code in ant-zeppelin-csy326-project (npm)
The package ant-zeppelin-csy326-project was found to contain malicious code...
Advisory ROSA-SA-2025-2937
software: libxml2 2.9.14 OS: ROSA-CHROME unaffected versions = libxml2-2.9.14-9 affected versions libxml2-2.9.14-9 CVE-ID: CVE-2025-32414 BDU-ID: 2025-05199 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Python API component of the libxml2 library involves incorrect validation of the return val...
MAL-2025-6650 Malicious code in processes-widget-fe-commons (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-6420 Malicious code in frontend-feature-flags (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-6518 Malicious code in graphlibx (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-5597 Malicious code in @figshare/old-viewers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b582af08f54b24b027eb8ffb5e56e63e4efff4c947ef2abb5fc552a7476539d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-30687
CVE-2025-30687 affects Oracle MySQL Server (Server: Optimizer). Affected are MySQL versions 8.0.0–8.0.41, 8.4.0–8.4.4, and 9.0.0–9.2.0. The issue allows a network-accessing, low-privilege attacker to cause a hang or frequent crashes (DoS). No exploitation status or in-wild details are provided in...
CVE-2025-21583
...
CVE-2025-27499
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting XSS vulnerability was identified in the processaedicaosocio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the...
PT-2024-9698 · Microsoft +5 · Edge +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 131.0.6778.204 Microsoft Edge affected versions not specified Description: A use after free issue in the Compositing component of Google Chrome and Microsoft Edge could allow a remote attacker to potentially...
MAL-2025-5116 Malicious code in gwpythonsectt2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cbfa0f91f8c3bb4e7c3ebed7676d1e4c69546c214db5a69e216597ecc367c700 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
SUSE-SU-2021:3269-1 Security update for libqt5-qtbase
This update for libqt5-qtbase fixes the following issues: - CVE-2020-24741: Fixed a bug that allowed QLibrary to load libraries relative to CWD which could result in arbitrary code execution. bsc1189408...
Privilege Escalation
ghost is vulnerable to privilege escalation. Any user is able to access Admin-level API keys and gain access to secured functions...
EasyNews PRO News Publishing 4.0 - Password Disclosure
= EasyNews PRO News Publishing 4.0 Remote Password Disclosure Vulnerability Affected Software: Easy News 4.0 PRO = Risk: Critical = Download: http://www.stphp.com/scripts/EasyNewsPRO40.zip = Bugfounder: bd0rk = Contact: bd0rkathackermail.com = Greets: str0ke, crashovernight, TheJT, Kacper Usage:...
UPB: Discussion Board/Web-Site Takeover
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::= topic: UPB: Discussion Board/Web-Site Takeover product: Ultimate PHP Board v1.9 latest vendor: www.myupb.com risk: high date: 05/24/2k3 discovered by: euronymous /F0KP advisory urls: http://f0kp.iplus.ru/bz/024.en.txt...
Проблема в MS Money
Пароль пользователя хранится открытым текстом...
CVE-2020-24532
...
CVE-2019-16821
...
CVE-2019-8845
...
CVE-2013-5268
...