MAL-2023-8035 Malicious code in some_crucial_web_app_new (npm)
Source: checkmarx ccdfaaee4aea58e70c939bbfb4ebf1b0e2bf0cd4ce9918422a25e37c7ac59071 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2023-8034 Malicious code in pear_vile (npm)
Source: checkmarx 145f67c3ae87aa203e53f5a36d076c01ad4a8b9bc5cc89d0b6c13a4a9b73999e Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2023-8014 Malicious code in cherry_corrupt (npm)
Source: checkmarx c4217ff7a5cb8b7dda2ab6a4133d37db497cd1d418337326492b177b12853636 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2023-8015 Malicious code in cnp_al_corp_front (npm)
Source: checkmarx ca87bb9f11572bb7178a087d94273972886a104b0d9f9b25ea8799b418f8c85c Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2023-8037 Malicious code in tema-cnp (npm)
Source: checkmarx c2745cc070d505850bb1ac172e24c2433bbec8ea8b59619e7e67ecd862f10635 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
GHSA-M8FW-P3CR-6JQC Cross-Site Scripting in CKEditor4 WordCount Plugin
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 4.4 Problem The WordCount plugin npm:ckeditor-wordcount-plugin for CKEditor4 is vulnerable to cross-site scripting when switching to the source code mode. This plugin is enabled via the Full.yaml configuration present, but is not...
CVE-2023-37905 Cross-site Scripting (XSS) in Source Mode of Editor in ckeditor-wordcount-plugin
ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEditor. It has been discovered that the ckeditor-wordcount-plugin plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. This issue has been addressed in version 1.17.12 of the...
Daimler Truck: Server-based source code disclosures
URL: https://www.bharatbenz.com/TEST.PHP CWE: CWE-538 CVSS: 7.5-CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N One or more pages disclosing source code were found. This check is using pattern matching to determine if server side tags are found in the file. In some cases this alert may generate fals...
MAL-2023-1135 Malicious code in chegg-contentful (npm)
Source: checkmarx 0f294558304bba4da1c74169d026ebb78d4c1509bc734739942abe3860bc7390 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ossf-package-analysis...
MAL-2023-8027 Malicious code in firefly-shared-js (npm)
Source: checkmarx 540259a2eb130bcb8b4596b7a6458b6290bd5dd6b8846751f0475931083f7594 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
Cross-site Scripting (XSS)
ckeditor-wordcount-plugin is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the strip function at plugin.js when switching to the source code mode, which allows an attacker to inject and execute arbitrary JavaScript...
Malicious code in hideorg-lvl (npm)
Source: checkmarx cadb232e4b479810d217f2adbfed5e8dba555837082c21bb6fc0501c0686c462 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ossf-package-analysis...
Driver Disk for Intel i40e 2.22.20 - For Citrix Hypervisor 8.2 LTSR
Who should install this driver disk? Note: This driver disk is superseded by a more recent build of i40e 2.22.20. The latest version is available at https://support.citrix.com/article/CTX677875/driver-disk-for-intel-i40e-222205-for-citrix-hypervisor-82-ltsr Customers running the Citrix Hypervisor...
Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets
In yet another sign of a lucrative crimeware-as-a-service (CaaS) ecosystem, cybersecurity researchers have discovered a new Windows-based information stealer called Meduza Stealer that's actively being developed by its author to evade detection by software solutions. "The Meduza Stealer has a...
Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)
Exploit Title: Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS) Date: 2023-06-23 country: Iran Exploit Author: Amirhossein Bahramizadeh Category : webapps Dork : /print.php?nmmember= Vendor Homepage:...
CVE-2023-36192
Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capturewscheckpacket at /src/capture.c...
Secret information exfiltration by hard coding twitter API keys
Description Secret information used for API calls was embedded in the microweber source code. PoC It's hardcoded in the source code below. - https://github.com/microweber/microweber/blob/master/userfiles/modules/twitterfeed/functions.php php $oauthaccesstoken =...