565 matches found
Malicious code in fb-deku-rm (npm)
The package fb-deku-rm was found to contain malicious code...
Malicious code in fca-d-rm (npm)
The package fca-d-rm was found to contain malicious code...
MAL-2025-20266 Malicious code in fb-deku-rm (npm)
The package fb-deku-rm was found to contain malicious code...
Malicious code in rm-api-services (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea2d07f3cf2fca9f2d9c28bb289065312eb770f303ac487e0ffe75bba11604a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4533 Malicious code in rm-api-services (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea2d07f3cf2fca9f2d9c28bb289065312eb770f303ac487e0ffe75bba11604a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-4709
A vulnerability classified as problematic has been found in TOTVS RM 12.1. Affected is an unknown function of the file Login.aspx of the component Portal. The manipulation of the argument VIEWSTATE leads to cross site scripting. It is possible to launch the attack remotely. The complexity of an...
CVE-2023-46914
SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via icsexport.php...
CVE-2021-44837
An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/referentiel/json/create/categorie endpoint, using the idcat1 query parameter to indicate the risk...
CVE-2021-44839
An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other account using the account ID. Using the /listes/DTsendmaildata/admutilisateur/send-mail.json endpoint, a user can send a JSON array with user IDs that will have their passwords reset and new ones sent ...
CVE-2021-44838
An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax-details endpoint, with a POST request indicating the risk to access with the id parameter, it is possible for users to access risks of other companies...
CVE-2021-44836
An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking access controls, and it is possible for an unprivileged user to reopen a risk with a POST request, using the risqueID parameter to identify the risk to be re-opened...
CVE-2019-15854
An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an authenticated user with lowest privileges to give herself highest administration privileges via a crafted PUT request to an unauthorized resource...
CVE-2014-9448
Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service crash via a long string in a WAX file...
CVE-2019-15855
An issue was discovered in Maarch RM before 2.5. A path traversal vulnerability allows an unauthenticated remote attacker to overwrite any files with a crafted POST request if the default installation procedure was followed. This results in a permanent Denial of Service...
rm-gallery (>=0.1.0 <=0.1.2) potentially affected by CVE-2025-47783 via label-studio (=1.17.0)
label-studio PYPI version =1.17.0 is affected by a known vulnerability. The following packages have a transitive dependency on label-studio and may be impacted: - rm-gallery =0.1.0, =0.1.2 Source cves: CVE-2025-47783 Source advisory: SNYK:PYTHON-LABELSTUDIO-10182217...
rm-gallery (>=0.1.0 <=0.1.2) potentially affected by CVE-2025-47783 via label-studio (=1.17.0)
label-studio PYPI version =1.17.0 is affected by a known vulnerability. The following packages have a transitive dependency on label-studio and may be impacted: - rm-gallery =0.1.0, =0.1.2 Source cves: CVE-2025-47783 Source advisory: OSV:GHSA-8JHR-WPCM-HH4H...
rm-gallery (>=0.1.0 <=0.1.2) potentially affected by CVE-2025-47783 via label-studio (=1.17.0)
label-studio PYPI version =1.17.0 is affected by a known vulnerability. The following packages have a transitive dependency on label-studio and may be impacted: - rm-gallery =0.1.0, =0.1.2 Source cves: CVE-2025-47783 Source advisory: OSV:PYSEC-2025-124...
kernel: mptcp: pm: only decrement add_addr_accepted for MPJ req
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement addaddraccepted for MPJ req Adding the following warning ... WARNONONCEmsk-pm.addaddraccepted == 0 ... before decrementing the addaddraccepted counter helped to find a bug when running the "remove single...
io.xuxiaowei.seata:seata-server (>=2.1.0 <=2.2.0), org.apache.seata:seata-compressor-all (>=2.1.0 <=2.2.0) +5 more potentially affected by CVE-2024-54016 via org.apache.seata:seata-compressor-zstd (>=2.1.0 <=2.2.0)
org.apache.seata:seata-compressor-zstd MAVEN version =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.2.0 Source cves: CVE-2024-54016 Source advisory: SNYK:JAVA-ORGAPACHESEATA-9521513...
com.weicoder:seata (>=3.5.1 <=3.6.2), io.seata:seata-compressor-all (>=1.5.0 <=2.0.0) +7 more potentially affected by CVE-2024-54016 via io.seata:seata-compressor-zstd (>=1.5.0 <=2.0.0)
io.seata:seata-compressor-zstd MAVEN version =1.5.0, =3.5.1, =1.5.0, =1.5.0, =1.8.0, =1.5.0, =1.7.0, =1.8.0, =2.0.0 Source cves: CVE-2024-54016 Source advisory: SNYK:JAVA-IOSEATA-9521514...