34 matches found
EUVD-2025-208903
The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack...
CVE-2025-67260
The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack...
Terrapack Arbitrary File Upload
Terrapack software suffers from an arbitrary file upload vulnerability that may allow attackers to execute arbitrary code. Affected software includes Terrapack TkWebCoreNG version 1.0.20200914, TKServerCGI version 2.5.4.150, and TpkWebGIS - Client version 1.0.0...
Malicious Package
Overview @liquid-web/core-services is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in @liquid-web/core-services (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f9afbcbd82f8b0c7374b5e9edb81329aa506296ef39a5a63d70d59af7591e74 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in cwt-booking-web-core (npm)
The package cwt-booking-web-core was found to contain malicious code...
MAL-2025-38504 Malicious code in visto-web-core (npm)
The package visto-web-core was found to contain malicious code...
Malicious code in visto-web-core (npm)
The package visto-web-core was found to contain malicious code...
Malicious code in @moonpig/web-core-app (npm)
The package @moonpig/web-core-app was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
Malicious code in @moonpig/web-core-utils (npm)
The package @moonpig/web-core-utils was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
Malicious code in ee-web-core (npm)
The package ee-web-core was found to contain malicious code...
MAL-2025-9108 Malicious code in @moonpig/web-core-utils (npm)
The package @moonpig/web-core-utils was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-17859 Malicious code in cwt-booking-web-core (npm)
The package cwt-booking-web-core was found to contain malicious code...
MAL-2025-9106 Malicious code in @moonpig/web-core-analytics (npm)
The package @moonpig/web-core-analytics was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-9107 Malicious code in @moonpig/web-core-app (npm)
The package @moonpig/web-core-app was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-19229 Malicious code in ee-web-core (npm)
The package ee-web-core was found to contain malicious code...
webkitgtk: use-after-free in WebCore::Frame::page
A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash...
io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling
A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...
Malicious code in @swiggy-private/dls-web-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 866e9fd01cfe3133ef1ad9f34a13b577f9296d283c389de22605e996c5ff2de0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
org.glassfish.fighterfish:osgi-http (=1.0.8), org.glassfish.main.appclient:gf-client (>=4.0 <=7.0.1) +26 more potentially affected by CVE-2024-8646 via org.glassfish.main.web:web-core (>=4.0 <=7.0.1)
org.glassfish.main.web:web-core MAVEN version =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =6.2.5, =4.1, =4.1, =4.1, =7.0.0, =4.0, =4.0, =4.0, =4.0, =4.1.2 and more Source cves: CVE-2024-8646 Source advisory: OSV:GHSA-7GQ2-VWQ9-W8VW...