Malicious Package
Overview check-deps-ver-consistency is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview check-dependency-ver-consistency is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
CVE-2026-1483
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in '/evaluacionobjetivosverauto.aspx', could allow an attacker to extract...
CVE-2026-1479 Out-of-band SQL injection in Quatuor Performance Evaluation
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Idusuario' and 'Idevaluacion' in '/evaluacionhcaverauto.asp', could allow an attacker...
CVE-2026-1479
The CVE-2026-1479 entry describes an out-of-band SQL injection in the Performance Evaluation (EDD) application from Gabinete Técnico de Programación. The vulnerability affects the /evaluacion_hca_ver_auto.asp endpoint, where attacker-controlled values in the Id_usuario and Id_evaluacion parameter...
PT-2026-4973
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id usuario' in '/evaluacion acciones ver auto.aspx', could allow an attacker to extrac...
CVE-2025-51735
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...
PT-2025-45009
Name of the Vulnerable Software and Affected Versions CanalDenuncia.app affected versions not specified Description A lack of authorization exists in CanalDenuncia.app, potentially allowing an attacker to access other users' information. This is achieved by sending a POST request through the id...
Exploit for SQL Injection in Mitel Micollab
CVE-2025-52914 How does this detection method work? Versi...
CVE-2025-40719
Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the idconcesion parameter in /FacturaE/VerFacturaPDF...
CVE-2024-21670
Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to...
PT-2024-17193 · WordPress · Latex2Html
Name of the Vulnerable Software and Affected Versions: LaTeX2HTML plugin for WordPress versions up to, and including, 2.5.5 Description: The LaTeX2HTML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ver or date parameter due to insufficient input sanitization and...
WordPress plugin LaTeX2HTML cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...
Malicious code in check-deps-ver-consistency (npm)
--- -= Per source details. Do not edit below this line.=-...
Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: Version 3.0.0 Revision 1553 Firmware Ver. 4.00 Rev. 1501 Version 3.0.0 Revision 1542 Firmware Ver. 4.00 Rev. 1516 Version 3.0.0 Revision 1530 Firmware Ver...
CVE-2024-41995
Initialization of a resource with an insecure default vulnerability exists in JavaTM Platform Ver.12.89 and earlier. If this vulnerability is exploited, the product may be affected by some known TLS1.0 and TLS1.1 vulnerabilities. As for the specific products/models/versions of MFPs and printers...
JVN#78728294: Firmware update for RICOH JavaTM Platform resets the TLS configuration
JavaTM Platform provided by Ricoh Company, Ltd. is the execution environment for firmware extensions of Ricoh MFPs and printers, providing TLS (Transport Layer Security) communication mechanism. When the firmware for JavaTM Platform is updated from Ver.12.89 or earlier versions to a newer version,...
JVN#70666401: Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN
ZWX-2000CSW2-HN provided by ZEXELON CO., LTD. is a high-speed coaxial modem with wireless LAN functions. ZWX-2000CSW2-HN contains multiple vulnerabilities listed below. Use of hard-coded credentials CWE-798 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Base Score 4.5 CVE-2024-39838 Incorrect...
JVN#84326763: Multiple vulnerabilities in SKYSEA Client View
SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains multiple vulnerabilities listed below. Improper access control in the specific process CWE-266 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2024-41139 Origin...
Congratulations to the Top MSRC 2024 Q2 Security Researchers!
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q2 Security Researcher Leaderboard are Yuki Chen,...