MAL-2026-4729 Malicious code in whiteboard-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae14bab8e5a11636f7a395fccf88119f5294c3639c8f71b6b2e3f199282bb584 On npm install, scripts/postinstall.js fetches a companion-- binary from github.com/palmthree-studio/whiteboard-agent/releases/download/nightly/... —...

Malicious code in whiteboard-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae14bab8e5a11636f7a395fccf88119f5294c3639c8f71b6b2e3f199282bb584 On npm install, scripts/postinstall.js fetches a companion-- binary from github.com/palmthree-studio/whiteboard-agent/releases/download/nightly/... —...

EUVD-2026-1999

WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies,...

CVE-2026-22788 WebErpMesv2 allows unauthenticated API Access

WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies,...

EUVD-2018-8039

Malware in sbrugna...

EUVD-2018-8042

Malware in sbrugna...

EUVD-2018-8038

Malware in sbrugna...

EUVD-2019-7070

Malware in sbrugna...

EUVD-2018-8041

Malware in sbrugna...

EUVD-2018-8040

Malware in sbrugna...

EUVD-2020-28172

Malware in sbrugna...

EUVD-2022-33596

Malicious code in bioql PyPI...

EUVD-2022-45069

Malicious code in bioql PyPI...

CVE-2022-41963

BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their access is revoked. The attacker must be a...

CVE-2022-29236

BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced gra...

CVE-2024-32472 excalidraw vulnerable to a Stored XSS in excalidraw's web embed component

excalidraw is an open source virtual hand-drawn style whiteboard. A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. There were two vectors. One rendering untrusted string as...

CVE-2024-32472 excalidraw vulnerable to a Stored XSS in excalidraw's web embed component

excalidraw is an open source virtual hand-drawn style whiteboard. A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. There were two vectors. One rendering untrusted string as...

CVE-2024-32472 excalidraw vulnerable to a Stored XSS in excalidraw's web embed component

excalidraw is an open source virtual hand-drawn style whiteboard. A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. There were two vectors. One rendering untrusted string as...

whiteboard-direct.de Improper Access Control vulnerability OBB-3780388

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2023-5076

Issue: CVE-2023-5076 affects the Ziteboard Online Whiteboard WordPress plugin. Affect/Root cause: Stored Cross-Site Scripting via the ziteboard shortcode caused by insufficient input sanitization and output escaping in versions up to and including 2.9.9. Impact: Authenticated attackers with contr...