50 matches found
Malicious Package
Overview vintage-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
CVE-2025-66036
Retro is an online platform providing items of vintage collections. Prior to version 2.4.7, Retro is vulnerable to a cross-site scripting XSS in the input handling component. This issue has been patched in version 2.4.7...
EUVD-2025-199889
Retro is an online platform providing items of vintage collections. Prior to version 2.4.7, Retro is vulnerable to a cross-site scripting XSS in the input handling component. This issue has been patched in version 2.4.7...
PT-2025-48354
Name of the Vulnerable Software and Affected Versions Retro versions prior to 2.4.7 Description Retro, an online platform for vintage collections, has a cross-site scripting XSS issue in the input handling component. This allows for potential malicious code execution through crafted input...
Malicious code in @leaffm/leaf-connect-97th-vintage (npm)
The package @leaffm/leaf-connect-97th-vintage was found to contain malicious code...
MAL-2025-8372 Malicious code in @leaffm/leaf-connect-97thvintage (npm)
The package @leaffm/leaf-connect-97thvintage was found to contain malicious code...
MAL-2025-8371 Malicious code in @leaffm/leaf-connect-97th-vintage (npm)
The package @leaffm/leaf-connect-97th-vintage was found to contain malicious code...
MAL-2024-12059 Malicious code in vintage-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63f6bc17c1c01e6f49a004e5384314cbf05ad37d339d259358798671c386b601 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vintage-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63f6bc17c1c01e6f49a004e5384314cbf05ad37d339d259358798671c386b601 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Input validation
Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API createoverlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service...
CVE-2023-5800
CVE-2023-5800 concerns Axis OS: the VAPIX API create_overlay.cgi lacks sufficient input validation, enabling remote code execution. Exploitation requires an operator/admin-privileged service account and network access, with impact on confidentiality, integrity, and availability listed as high. Ax...
vintagefurnitureco.co.uk Cross Site Scripting vulnerability OBB-3847923
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
vintage-electronics.com Cross Site Scripting vulnerability OBB-3826666
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
vintage-guitar.de Cross Site Scripting vulnerability OBB-3744093
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
vintagefootballshirts.com Cross Site Scripting vulnerability OBB-3528547
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
vintage-paris.com Cross Site Scripting vulnerability OBB-3483381
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
vintage-paris.co.jp Cross Site Scripting vulnerability OBB-3371237
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
vintage-paris.com Cross Site Scripting vulnerability OBB-3226876
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
vintageleathermanufacturing.com Cross Site Scripting vulnerability OBB-3207075
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
vintagetoyscollectibles0.com Cross Site Scripting vulnerability OBB-2779519
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...