Lucene search
K

28 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/15 2:19 p.m.8 views

Malicious code in @pnc-ref/harmony-support-v18 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3c6a47dfcf980f2cd22ec066b1f85f003d7001a45e28ee6a5541e4b18e5edc5 The package @pnc-ref/harmony-support-v18 was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/04/15 2:19 p.m.6 views

MAL-2026-2689 Malicious code in @pnc-ref/harmony-core-v18 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9af3593ce67756288a2b5c3d0b337f86b5dc510085895bc2d8f76629a79a350 The package @pnc-ref/harmony-core-v18 was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/04/15 2:19 p.m.4 views

MAL-2026-2690 Malicious code in @pnc-ref/harmony-support-v18 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3c6a47dfcf980f2cd22ec066b1f85f003d7001a45e28ee6a5541e4b18e5edc5 The package @pnc-ref/harmony-support-v18 was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSV
OSV
added 2025/03/03 1:36 p.m.7 views

MAL-2025-1919 Malicious code in react-v18 (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/03 1:36 p.m.5 views

Malicious code in react-dom-v18 (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 10:28 p.m.7 views

CVE-2022-45147

A vulnerability has been identified in SIMATIC PCS neo V4.0 All versions, SIMATIC STEP 7 V16 All versions, SIMATIC STEP 7 V17 All versions, SIMATIC STEP 7 V18 All versions V18 Update 2. Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable...

8.5CVSS7.5AI score0.00227EPSS
Exploits0References1
CVE
CVE
added 2024/07/09 12:4 p.m.44 views

CVE-2023-32737

CVE-2023-32737 affects SIMATIC STEP 7 Safety V18 (all versions

7CVSS7.7AI score0.00178EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/09 12:4 p.m.25 views

CVE-2022-45147

A vulnerability has been identified in SIMATIC PCS neo V4.0 All versions, SIMATIC STEP 7 V16 All versions, SIMATIC STEP 7 V17 All versions, SIMATIC STEP 7 V18 All versions V18 Update 2. Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable...

8.5CVSS0.00227EPSS
Exploits0References1
Node JS Blog
Node JS Blog
added 2024/02/14 12:0 a.m.37 views

Wednesday February 14 2024 Security Releases

Wednesday February 14 2024 Security Releases Update 14-February-2024 Security releases available Updates are now available for the v18.x, v20.x and v21.x Node.js release lines for the following issues. This security release includes the following dependency updates to address public...

9.8CVSS7.3AI score0.03168EPSS
Exploits1
Cvelist
Cvelist
added 2023/12/12 11:27 a.m.29 views

CVE-2023-46284

A vulnerability has been identified in Opcenter Execution Foundation All versions V2407, Opcenter Quality All versions V2312, SIMATIC PCS neo All versions V4.1, SINEC NMS All versions V2.0 SP1, Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation Portal...

7.5CVSS7.8AI score0.00905EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.7 views

PT-2023-7778 · Siemens · Opcenter Quality +4

Name of the Vulnerable Software and Affected Versions: Opcenter Execution Foundation versions prior to V2407 Opcenter Quality versions prior to V2312 SIMATIC PCS neo versions prior to V4.1 SINEC NMS versions prior to V2.0 SP1 Totally Integrated Automation Portal TIA Portal V14 Totally Integrated...

7.8CVSS7.2AI score0.00905EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.8 views

PT-2023-7780 · Siemens · Opcenter Quality +4

Name of the Vulnerable Software and Affected Versions: Opcenter Execution Foundation versions prior to V2407 Opcenter Quality versions prior to V2312 SIMATIC PCS neo versions prior to V4.1 SINEC NMS versions prior to V2.0 SP1 Totally Integrated Automation Portal TIA Portal V14 Totally Integrated...

7.8CVSS7.4AI score0.00905EPSS
Exploits0References6
OSV
OSV
added 2023/11/23 12:15 a.m.3 views

DEBIAN-CVE-2023-30581

The use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time...

7.5CVSS7AI score0.0105EPSS
Exploits0References1
Node JS Blog
Node JS Blog
added 2023/10/13 12:0 a.m.68 views

Friday October 13 2023 Security Releases

Friday October 13 2023 Security Releases Update 13-October-2023 Security releases available Updates are now available for the v18.x and v20.x Node.js release lines for the following issues. undici - Cookie headers are not cleared in cross-domain redirect in undici-fetch Low - CVE-2023-45143 Undic...

9.8CVSS7.7AI score0.99999EPSS
Exploits19
NVD
NVD
added 2023/07/01 12:15 a.m.26 views

CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

7.5CVSS7.5AI score0.03906EPSS
Exploits1References10
Prion
Prion
added 2023/07/01 12:15 a.m.26 views

Crlf injection

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

5CVSS7.3AI score0.03906EPSS
Exploits1References8Affected Software2
AlpineLinux
AlpineLinux
added 2023/06/30 11:39 p.m.68 views

CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

7.5CVSS7.9AI score0.03906EPSS
Exploits1
CNNVD
CNNVD
added 2023/06/07 12:0 a.m.4 views

Anyka Microelectronics AK3918EV300 MCU 命令注入漏洞

Anyka Microelectronics AK3918EV300 MCU is a single chip from Anyka Microelectronics China. A security vulnerability exists in the Anyka Microelectronics AK3918EV300 MCU v18. The vulnerability can be exploited by an attacker to execute arbitrary commands via a specially crafted wifi SSID or passwo...

9.8CVSS8.8AI score0.0347EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2022/10/19 12:0 a.m.33 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs14 (SUSE-SU-2022:3614-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3614-1 advisory. Updated to version 14.20.1: - CVE-2022-32213: Fixed bypass via obs-fold mechanic bsc1201325. - CVE-2022-35256: Fixed...

6.5CVSS7.1AI score0.41954EPSS
Exploits2References7
Prion
Prion
added 2019/04/08 3:29 p.m.20 views

Design/Logic Flaw

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889...

4CVSS4.1AI score0.00994EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder