MAL-2022-7353 Malicious code in ykeykey-setup (npm)
Source: ghsa-malware (234eec78ac053b64b3e9a940d19743115698ac232ac124fafc4c843ba553b645). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in setup-kubectl-action (npm)
Source: ghsa-malware (d762845821324e1b8cd4eef7102615a636294d5d6f635c8f754d7ed87077f28e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6039 Malicious code in setup-kubectl-action (npm)
Source: ghsa-malware (d762845821324e1b8cd4eef7102615a636294d5d6f635c8f754d7ed87077f28e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in onboarding-setup-guide (npm)
Source: ghsa-malware (5f460bd48ceadd7fb61e181dbe4b1691bed7bffdf1a8137a52f1b2d90a40914c). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5073 Malicious code in onboarding-setup-guide (npm)
Source: ghsa-malware (5f460bd48ceadd7fb61e181dbe4b1691bed7bffdf1a8137a52f1b2d90a40914c). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in setup-ruby (npm)
Source: ghsa-malware (9639a73d85016c08f0bf612f8e7b6892b542d0008e9f9d80539e0afde4bb71ae). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6040 Malicious code in setup-ruby (npm)
Source: ghsa-malware (9639a73d85016c08f0bf612f8e7b6892b542d0008e9f9d80539e0afde4bb71ae). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-1945
The Coming Soon & Maintenance Mode by Colorlib WordPress plugin before 1.0.99 does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site Scripting when unfiltered_html is disallowed (for example, in a multisite setup)...
CVE-2021-25088 Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting
The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a setting before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...
WooCommerce < 6.6.0 - Admin+ Stored HTML Injection
The plugin is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles. Go to WooCommerce - Settings - Payments tab, enable BAC Bank Account Transfers and edit the title in the setup dialog. HTML can be injected there, and will be rendered both for...
CVE-2022-30328
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface...
CVE-2022-32259
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with...
CVE-2022-31400
A cross-site scripting (XSS) vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field...
CVE-2022-1790
The New User Email Set Up WordPress plugin through 0.5.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
HelpDeskZ Cross-Site Scripting Vulnerability
HelpDeskZ is a PHP-based software that allows you to manage your site's support using a web-based support ticket system. Provides quality support. A cross-site scripting vulnerability exists in HelpDeskZ version v2.0.2, which stems from a lack of parameter filtering and escaping in...
WhiteBeam - Transparent Endpoint Security
Transparent endpoint security. Features: block and detect advanced attacks; modern audited cryptography (RustCrypto for hashing and encryption); highly compatible (development focused on all platforms incl. legacy and architectures); source available (audits welcome); reviewed by security researchers with...
miniOrange's Google Authenticator < 5.5.6 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example, in a multisite setup). PoC: Enable 2FA + Website Security and...
NextCellent Gallery <= 1.9.35 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example, in a multisite setup). PoC: Create/edit a gallery with at least one image...
Schneider Electric PowerLogic ION Setup Input Validation Error Vulnerability
Schneider Electric PowerLogic ION Setup is a free, user-friendly configuration tool from Schneider Electric France. It provides an intuitive environment for setting up and verifying the settings of PowerLogic meters and other devices. An input validation error vulnerability exists in Schneider...