Lucene search

11967 matches found

OSV
added 2023/02/25 5:3 p.m., 9 views

MAL-2023-6801 Malicious code in selfvmreplace (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 3b31cd9aa51275ec76fde8e45529048960b926f0f3c7670dda9773cee19e58da EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7.2 AI score
Exploits: 0, References: 1
OSV
added 2023/02/25 5:0 p.m., 8 views

MAL-2023-3405 Malicious code in esqsplitpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b3f11c6e018c5a1321a3fbdbc4aa72e0a614634e2949a315ac9269574c5d20df EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7.2 AI score
Exploits: 0, References: 1
OSV
added 2023/02/25 4:57 p.m., 6 views

MAL-2023-5175 Malicious code in py-httpencode (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4d9ff6419a8de217d90b560650745f4d33d9c4da75c3690507ba058b018d2ae8 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7.2 AI score
Exploits: 0, References: 1
OSV
added 2023/02/25 4:21 p.m., 6 views

MAL-2023-4808 Malicious code in osintrand (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 75f0f4e41eb5b3d4b9381ea1d7f4ba29d5b618bb166fe2a835def6149243587f EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7.2 AI score
Exploits: 0, References: 1
OSV
added 2023/02/25 4:21 p.m., 5 views

MAL-2023-3841 Malicious code in killpyw (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 18f7bad9fc9508b375141f54903d976457da567ca719246fe279095a0462dd46 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7.2 AI score
Exploits: 0, References: 1
OSV
added 2023/02/24 4:39 p.m., 10 views

MAL-2023-7832 Malicious code in virtualram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 10efabece90985da1f702890a1e1e1d25110790c5153ff24a1632ab12ed5605c EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7.2 AI score
Exploits: 0, References: 1
Wired Threat Level
added 2023/02/23 3:32 p.m., 22 views

Batteries Are Ukraine’s Secret Weapon Against Russia

With Russia regularly knocking out Ukraine’s power grid, the country has turned to high-capacity batteries to keep it connected to the world—and itself...

3.6 AI score
Exploits: 0
NVD
added 2023/02/22 11:15 p.m., 15 views

CVE-2023-0884

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-3759. Reason: This candidate is a reservation duplicate of CVE-2022-3759. Notes: All CVE users should reference CVE-2022-3759 instead of this candidate. All references and descriptions in this candidate have been removed to...

5.8 AI score
Exploits: 0
NVD
added 2023/02/22 11:15 p.m., 7 views

CVE-2017-1038

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...

6.5 AI score
Exploits: 0
The Hacker News
added 2023/02/20 10:54 a.m., 28 views

Google Reveals Alarming Surge in Russian Cyber Attacks Against Ukraine

Russia's cyber attacks against Ukraine surged by 250% in 2022 when compared to two years ago, Google's Threat Analysis Group (TAG) and Mandiant disclosed in a new joint report. The targeting, which coincided and has since persisted following the country's military invasion of Ukraine in February...

0.9 AI score
Exploits: 0
CVE
added 2023/02/19 8:12 a.m., 46 views

CVE-2023-0917

The CVE-2023-0917 entry concerns SourceCodester Simple Customer Relationship Management System 1.0. The vulnerability affects the login.php component, where manipulation of the Password parameter enables SQL injection. It is exploitable remotely, and multiple sources note the exploit has been dis...

9.8 CVSS, 8.8 AI score, 0.00929 EPSS
Exploits: 1, References: 3, Affected Software: 1
HackRead
added 2023/02/19 2:27 a.m., 19 views

QR code generator My QR Code leaks users’ login data and addresses

By Waqas. My QR Code was informed about the leak almost two weeks ago, yet it failed to respond or secure its server. This is a post from HackRead.com. Read the original post: QR code generator My QR Code leaks users’ login data and addresses...

2.2 AI score
Exploits: 0
NVD
added 2023/02/17 6:15 p.m., 9 views

CVE-2021-33237

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Consult IDs: CVE-2021-36686. Reason: This candidate is a duplicate of CVE-2021-36686. Notes: All CVE users should reference CVE-2021-36686 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

5.4 AI score
Exploits: 0
wpexploit
added 2023/02/16 12:0 a.m., 481 views

WordPress Infinite Scroll - Ajax Load More < 5.6.0.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Examples a lot of attributes are affected!,...

5.4 CVSS, 5.6 AI score, 0.00478 EPSS
Exploits: 2
OSV
added 2023/02/13 5:54 p.m., 13 views

GSD-2023-1002220 bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation

bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.231 by commit...

7.2 AI score
Exploits: 0
OSV
added 2023/02/13 5:50 p.m., 10 views

GSD-2023-1002189 netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.

netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.164 by commit...

7.5 AI score
Exploits: 0
OSV
added 2023/02/13 5:45 p.m., 7 views

GSD-2023-1002146 cifs: Fix oops due to uncleared server->smbd_conn in reconnect

cifs: Fix oops due to uncleared server->smbd_conn in reconnect. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.166 by commit...

7.2 AI score
Exploits: 0
OSV
added 2023/02/13 5:36 p.m., 6 views

GSD-2023-1002053 x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL

x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.91 by commit...

7.2 AI score
Exploits: 0
OSV
added 2023/02/13 5:25 p.m., 13 views

GSD-2023-1001919 thermal: core: call put_device() only after device_register() fails

thermal: core: call put_device() only after device_register() fails. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.9 by commit...

7.2 AI score
Exploits: 0
Veracode
added 2023/02/12 1:23 a.m., 25 views

Remote Code Execution

lava is vulnerable to Remote Code Execution. The vulnerability exists because the REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template, which allows an attacker to execute arbitrary code...

9.8 CVSS, 9.5 AI score, 0.01859 EPSS
Exploits: 1, References: 4, Affected Software: 1