49 matches found
Malicious code in synthetics-sdk-node (npm)
Source: amazon-inspector f901ab2d37659ee8585c20804e368b185c14c0e5fc49e51a3148fb439b728bad The package synthetics-sdk-node was found to contain malicious code...
MAL-2026-2802 Malicious code in synthetics-sdk-node (npm)
Source: amazon-inspector f901ab2d37659ee8585c20804e368b185c14c0e5fc49e51a3148fb439b728bad The package synthetics-sdk-node was found to contain malicious code...
Synthetics Recorder 1.4.15 Security Update (ESA-2026-16) - CVE-2025-6554 and CVE-2025-7657
Dependency on Vulnerable Third-Party Component in Synthetics Recorder Leading to Remote Code Execution. Dependency on Vulnerable Third-Party Component (CWE-1395) exists in the bundled Chromium browser in Elastic Synthetics Recorder that could allow an attacker to achieve remote code execution on a...
CVE-2023-31415
Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of t...
EUVD-2025-13051
Malicious code in bioql PyPI...
EUVD-2023-35726
Malicious code in bioql PyPI...
Malicious code in synthetics-sdk-broken-links (npm)
MAL-2025-47730 Malicious code in synthetics-sdk-broken-links (npm)
MAL-2025-21613 Malicious code in gmx-synthetics (npm)
The package gmx-synthetics was found to contain malicious code...
Malicious code in gmx-synthetics (npm)
The package gmx-synthetics was found to contain malicious code...
BIT-KIBANA-2024-11390 Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices...
BIT-ELK-2024-11390 Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices...
CVE-2024-11390
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices...
CVE-2024-11390 Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices...
CVE-2024-11390 Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices...
CVE-2024-11390
Kibana is affected by CVE-2024-11390: an Unrestricted Upload of a File with a Dangerous Type can lead to arbitrary JavaScript execution (XSS) in a victim’s browser via crafted HTML/JavaScript files. This requires access to the Synthetics app or write access to synthetics indices. Affected version...
Kibana 7.17.24 and 8.12.0 Security Update (ESA-2024-20)
Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS (ESA-2024-20). Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetic...
Malicious code in synthetics-recorder (npm)
Source: ossf-package-analysis e132b465279df9b9432ece358404299922e0051907132baf848320447a551489 The OpenSSF Package Analysis project identified 'synthetics-recorder' @ 9.9.99 npm as malicious. It is considered malicious because: - The packa...
Arbitrary Code Execution
Kibana is vulnerable to Arbitrary Code Execution. A remote authenticated attacker with the ability to modify the Kibana yaml or env configuration is able to execute malicious code on the host system via a malicious configuration payload through the Uptime/Synthetics feature...
Elastic Kibana < 8.7.1 Arbitrary Code Execution
The Elastic Kibana software on the remote host is missing a security update. It is, therefore, affected by multiple arbitrary code execution vulnerabilities: - An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This...