5315 matches found
Malicious code in mpc-ap-styles (npm)
Source: checkmarx 3560796a4ad8974d74c898770846effa03442b79adace2bbc4679dc402afe911 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2023-8030 Malicious code in mpc-ap-styles (npm)
Source: checkmarx 3560796a4ad8974d74c898770846effa03442b79adace2bbc4679dc402afe911 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Apache Shardingsphere_Elasticjob-Ui
CVE-2022-22733 CVE-2022-22733 is a vulnerability that affects...
SUSE CVE-2005-3747
Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash "%5C" characters. NOTE: this might be the same issue as CVE-2006-2758...
MAL-2023-8009 Malicious code in ajaxmanager-custom (npm)
Source: checkmarx cbfc18e18de3ecf81548e9fff07c310df0c09ae04271fbe4e2f3e6872af6c549 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
Malicious code in ajaxmanager-custom (npm)
Source: checkmarx cbfc18e18de3ecf81548e9fff07c310df0c09ae04271fbe4e2f3e6872af6c549 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
CVE-2023-29199
There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor c...
Remote code execution
There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor c...
CVE-2023-29199 vm2 Sandbox escape vulnerability
There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor c...
CVE-2023-29199
The CVE-2023-29199 issue affects the vm2 Node.js module, specifically its source code transformer’s exception sanitization. Versions up to 3.9.15 are vulnerable to a sandbox bypass in handleException(), enabling leakage of unsanitized host exceptions and potential remote code execution in the hos...
CVE-2023-29199 vm2 Sandbox escape vulnerability
There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor c...
Overview of Google Play threats sold on the dark web
In 2022, Kaspersky security solutions detected 1,661,743 malware or unwanted software installers, targeting mobile users. Although the most common way of distributing such installers is through third-party websites and dubious app stores, their authors every now and then manage to upload them to...
Online Computer And Laptop Store 1.0 Shell Upload
!/usr/bin/env python3 Exploit Title: Online Computer and Laptop Store 1.0 - Remote Code Execution RCE Date: 09/04/2023 Exploit Author: Matisse Beckandt Backendt Vendor Homepage:...
Online Appointment System V1.0 - Cross-Site Scripting (XSS)
Exploit Title: Online Appointment System V1.0 - Cross-Site Scripting XSS Date: 25/02/2023 Exploit Author: Sanjay Singh Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14502/online-appointment-system-php-full-source-code-2020.html Tested on: Window...
CVE-2023-27180
GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /admin/backup.php...
CVE-2023-27180
GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /admin/backup.php...
Code injection
GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /admin/backup.php...
Are Source Code Leaks the New Threat Software vendors Should Care About?
Less than a month ago, Twitter indirectly acknowledged that some of its source code had been leaked on the code-sharing platform GitHub by sending a copyright infringement notice to take down the incriminated repository. The latter is now inaccessible, but according to the media, it was accessibl...
Are Source Code Leaks the New Threat Software vendors Should Care About?
Less than a month ago, Twitter indirectly acknowledged that some of its source code had been leaked on the code-sharing platform GitHub by sending a copyright infringement notice to take down the incriminated repository. The latter is now inaccessible, but according to the media, it was accessibl...
CVE-2023-27180
GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /admin/backup.php...