84 matches found
Malicious Package
Overview: @atticuss-sra/test-pkg-x4 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
EUVD-2024-55312
An insertion of sensitive information into log file vulnerability (CWE-532) in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions...
CVE-2024-47570
An insertion of sensitive information into log file vulnerability (CWE-532) in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions...
PT-2025-50108
Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.0 through 7.4.3; FortiProxy versions 7.2.0 through 7.4.3; FortiPAM versions 1.0 through 1.4; FortiSRA version 1.4. Description: A flaw exists where sensitive information can be written to log files. Specifically, a read-only...
EUVD-2025-135687
Malicious code in ter-sohyun-sra npm...
MAL-2025-179019 Malicious code in ter-sohyun-sra (npm)
Source: amazon-inspector (bfa7b86dafa5b4d7f547e46fe56b3cffd7092c0f37ce477e4db0afa507f7b331). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2015-4196
Malware in sbrugna...
EUVD-2019-0248
Malware in sbrugna...
EUVD-2022-41792
Malicious code in bioql PyPI...
CVE-2019-10296
Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
April 16, 2025—KB5059087 (OS Build 26100.3781) Out-of-band
April 16, 2025—KB5059087 (OS Build 26100.3781) Out-of-band. For information about Windows update terminology, see types of Windows updates and the monthly quality update types. To find an overview of Windows Server 2025, see its update history page. Follow @WindowsUpdate to find out when new content...
CVE-2022-39301
sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background, an attacker can upload an HTML page containing XSS attack code in "Personal Center" ...
Free Workshop from Security Risk Advisors Empowers Organizations to Select Optimal OT Security Tools
By cybernewswire. Philadelphia, Pennsylvania, May 8th, 2024, CyberNewsWire. Security Risk Advisors (SRA) announces the launch of their OT/XIoT Detection Selection… This is a post from HackRead.com. Read the original post: Free Workshop from Security Risk Advisors Empowers Organizations to Select Optim...
Cross site scripting
sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background, an attacker can upload an HTML page containing XSS attack code in "Personal Center" ...
CVE-2022-39301 sra-admin is vulnerable to storage cross-site scripting (XSS) via unrestricted file upload
sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background, an attacker can upload an HTML page containing XSS attack code in "Personal Center" ...
sra-admin code issue vulnerability
sra-admin is an out-of-the-box backend permissions management system with separated front end and back end, by individual developer momofoolish. A code issue vulnerability exists in sra-admin version 1.1.1. An attacker can exploit this vulnerability to steal users' personal information by uploading a...
CVE-2022-39301
CVE-2022-39301 concerns sra-admin, a front/back-end separated rights management system. The issue affects version 1.1.1, where a storage cross-site scripting (XSS) vulnerability lies in the Profile Picture Upload under Personal Center. An attacker who logs in could upload an HTML page containing ...