14 matches found

OSSF Malicious Packages
added 2026/05/13 3:9 a.m. | 5 views

Malicious code in knot-rspec-formatter-json (RubyGems)

Source: google-open-source-security (a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e). This package is a malicious package, part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

5.8 AI score
Exploits: 0 | References: 1

OSV
added 2026/05/13 3:9 a.m. | 1 view

MAL-2026-3636 Malicious code in knot-simple-formatter (RubyGems)

Source: google-open-source-security (a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e). This package is a malicious package, part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

5.8 AI score
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:41 p.m. | 5 views

CVE-2023-25600

An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016...

7.1 CVSS | 6.7 AI score | 0.00058 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-31149

Malicious code in bioql PyPI...

5.5 CVSS | 5.6 AI score | 0.00074 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-29542

Malicious code in bioql PyPI...

7.1 CVSS | 7 AI score | 0.00058 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 3:31 a.m. | 5 views

CVE-2023-27373

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM...

5.5 CVSS | 6.6 AI score | 0.00074 EPSS
Exploits: 0 | References: 1

CNNVD
added 2023/10/23 12:0 a.m. | 0 views

Zscaler Client Connector Code Issue Vulnerability

Zscaler Client Connector is an application from Zscaler that is installed on a device to ensure that Internet traffic and access to an organization's internal applications are secure and in compliance with the organization's policies, even when not on the corporate network. A...

7.8 CVSS | 7.2 AI score | 0.00038 EPSS
Exploits: 0 | References: 2

OSV
added 2023/08/07 3:15 p.m. | 1 view

CVE-2023-27373

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM...

5.5 CVSS | 5.8 AI score | 0.00074 EPSS
Exploits: 0 | References: 1

OSV
added 2023/08/03 3:15 p.m. | 2 views

CVE-2023-25600

An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016...

7.1 CVSS | 5.8 AI score | 0.00058 EPSS
Exploits: 0 | References: 2

CNNVD
added 2023/08/03 12:0 a.m. | 1 view

Insyde InsydeH2O Buffer Error Vulnerability

Insyde InsydeH2O is a C-language source code base from Insyde Corporation of Taiwan that implements the newer "EFI/UEFI" specification, designed to replace the traditional BIOS (Basic Input/Output System). Insyde InsydeH2O contains a security vulnerability that can be exploited by a malicious...

7.1 CVSS | 6.8 AI score | 0.00058 EPSS
Exploits: 0 | References: 2

OSV
added 2022/03/31 12:0 a.m. | 6 views

GHSA-49FJ-QP6P-Q544 Variable Tampering within joomla/input class

An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data...

9.8 CVSS | 9.4 AI score | 0.00012 EPSS
Exploits: 0 | References: 6

Friends Of PHP
added 2022/03/29 6:0 p.m. | 18 views

Variable Tampering within joomla/input class

More info at https://developer.joomla.org/security-centre/876-20220307-core-variable-tampering-on-jinput-request-data.html...

9.8 CVSS | 7.2 AI score | 0.00012 EPSS
Exploits: 0 | Affected Software: 1

Joomla! Vulnerable Extensions List
added 2021/11/05 12:0 a.m. | 28 views

[20220307] - Core - Variable Tampering on JInput $_REQUEST data

Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data...

9.8 CVSS | 2.3 AI score | 0.00012 EPSS
Exploits: 0 | Affected Software: 1

seebug.org
added 2016/12/16 12:0 a.m. | 40 views

phpBB 2.0.23 - From Variable Tampering to SQL Injection

Case Study: Variable Tampering. Among others, RIPS reported a variable tampering issue in the style configuration page for administrators. The GET parameter installto is used as the name of a variable. admin/adminstyles.php: $installto = isset($HTTP_GET_VARS['installto']) ? urldecode($HTTP_GET_VARS['installto...

8 AI score
Exploits: 0