17 matches found
MAL-2026-2952 Malicious code in @settle-sea/supporting-documents (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1a578c532adf03529b20a3a434751c75d17e6c7ea31e4ca1881447db490cc78 The package @settle-sea/supporting-documents was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @settle-sea/supporting-documents (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1a578c532adf03529b20a3a434751c75d17e6c7ea31e4ca1881447db490cc78 The package @settle-sea/supporting-documents was found to contain malicious code. Source: ossf-package-analysis...
CVE-2026-4931
Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt position for a negligible asset cost...
EUVD-2026-19742
Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt position for a negligible asset cost...
CVE-2020-6301
SAP ERP HCM Travel Management, versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check...
rng-tools bug fix and enhancement update
An update is available for rng-tools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The rng-tools packages contain random number generator user-space utilities...
rng-tools bug fix and enhancement update
An update is available for rng-tools. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The rng-tools packages contain random number generator user-space utilities...
Basket can be fully drained if the auction is settled within a specific block
Handle: Ruhum. Vulnerability details. Impact: The settleAuction function allows someone to settle the auction by transferring funds in a way that the new pending index is fulfilled. As a reward, they are able to take out as many tokens as they want as long as the pending index is fulfilled after that...
Settle Portfolio state could be griefed.
Handle: tensors. Vulnerability details. Impact: It could be possible for a user to get a portfolioState that is large enough to be unfeasible to compute, either because of the block gas limit or simply because gas fees are so high and the code itself is complex. If this is possible, then he could tak...
CVE-2020-23447
newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office"...
CVE-2020-23447
newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office"...
CVE-2020-23447
newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office"...
CVE-2020-23447
CVE-2020-23447 affects newbee-mall 1.0 with a cross-site scripting vulnerability in shop-cart/settle. An attacker can inject an XSS payload in the address information during purchase, triggered when viewing the Order Management Office’s “View Recipient Information.” Connected CNVD/CVEs corroborat...
This Week in Security News: Over 2,000 WordPress Accounts Compromised and Facebook to Pay $550M to Settle Class Action Case Over Facial Recognition
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, over two thousand WordPress sites were compromised using a malicious script that redirects visitors to scam websites. Also, read about how...
Settle Up - BSD license, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Settle Up published at the 'play' market has multiple vulnerabilities...
SA-CONTRIB-2012-066 - Spaces and Spaces OG - Access Bypass
CVE: CVE-2012-2303. Spaces is an API module intended to make configuration options generally available only at the sitewide level to be configurable and overridden by individual "spaces" on a Drupal site. The spaces and spacesog modules part of the spaces package in some cases do not apply the...
SuSE9 Security Update : multipath-tools (YOU Patch Number 12377)
The default permissions on the multipathd socket file were too generous and allowed any user to connect. CVE-2009-0115 This update also contains the following fixes : - multipathd is not started for single paths bnc473841 - Backport maxfds parameter bnc457632 - Rename NetApp prio callout to 'ontap...