Halo cross-site scripting vulnerability (CNVD-2022-08379)

Halo is a personal blogging system for individual developers. Halo suffers from a cross-site scripting vulnerability that originates in Halo, versions v1.0.0 through v1.4.17 latest are susceptible to cross-site scripting XSS stored in the title of a post, which can be exploited by an attacker to...

CVE-2022-22125

In Halo, versions v1.0.0 to v1.4.17 latest are vulnerable to Stored Cross-Site Scripting XSS in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server...

Dynamics Business Central Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Dynamics Business Central. An attacker who successfully exploited this vulnerability could execute arbitrary shell commands on victim's server. To exploit the vulnerability, an authenticated attacker needs to convince the victim into conne...

Malicious Package

mogoose is a malicious package. When the package is installed or required, the package attempts to send hostname information to the attacker's server, affecting confidentiality of the victim's server which can potentially bridges to other attack vectors like remote code execution...

Malicious Package

mysql-koa is a malicious package. When the package is installed or required, the package attempts to send hostname information to the attacker's server, affecting confidentiality of the victim's server which can potentially bridges to other attack vectors like remote code execution...