2665 matches found
Malicious code in dreamteam11-google-tech (npm)
Source: ghsa-malware a7fa8233b2417c3495294e1fd0c5a031af4981dfcda1faa893025a52d760089e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-291 Malicious code in dreamteam11-google-tech (npm)
Source: ghsa-malware a7fa8233b2417c3495294e1fd0c5a031af4981dfcda1faa893025a52d760089e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-36520
A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via an evaluation/assign-evaluation?id= URI...
SQL injection
A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via an evaluation/assign-evaluation?id= URI...
CVE-2021-36520
CVE-2021-36520 : A SQL injection vulnerability in I-Tech TrainSmart r1044 is exploitable via the URI path evaluation/assign-evaluation?id=, enabling remote attackers to view sensitive information. Public PoC/exploit references confirm workable SQL injection scenarios. The CVSS v3.1 base score is ...
Massive malvertising campaign targets seniors via fake Weebly sites
Knowing their audience is something scammers excel at, and for very good reason. This is particularly true for tech support scammers whose prime targets are seniors. By understanding what retirees are searching for and abusing various online platforms, crooks can precisely go after the demographi...
GHSA-X2XW-HW8G-6773 govuk_tech_docs vulnerable to unescaped HTML on search results page
Impact: Pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, so it was possible to render arbitrary HTML or run arbitrary scripts. This is a low risk security issue; to...
govuk_tech_docs vulnerable to unescaped HTML on search results page
Impact: Pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, so it was possible to render arbitrary HTML or run arbitrary scripts. This is a low risk security issue; to...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) such that pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitized. To exploit this...
Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation
Allegro Tech BigFlow prior to 1.6.0 is vulnerable to Missing SSL Certificate Validation...
GHSA-W6Q2-48CH-FJ26 Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation
Allegro Tech BigFlow prior to 1.6.0 is vulnerable to Missing SSL Certificate Validation...
CVE-2023-25392
Allegro Tech BigFlow 1.6 is vulnerable to Missing SSL Certificate Validation...
Input validation
Allegro Tech BigFlow 1.6 is vulnerable to Missing SSL Certificate Validation...
Over 1 Million WordPress Sites Infected by Balada Injector Malware Campaign
Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called Balada Injector since 2017. The massive campaign, per GoDaddy's Sucuri, "leverages all known and recently discovered theme and plugin vulnerabilities" to breach WordPress sites...