GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native...
CVSS 9.8 | AI Score 7.8 | EPSS 0.001
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the...
CVSS 9.8 | AI Score 7.9 | EPSS 0.001
GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user; it exploits a reflected XSS if any authenticated user opens the crafted link. This issue is...
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the "forgotten password" feature. By modifying emails, the user...
CVSS 8.1 | AI Score 6.8 | EPSS 0.001
Malicious code in webpack-cli.legacy (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (22737261df7f74819a3f3f968e6516db5e37f6621827d6148b290f7650b9992f) The OpenSSF Package Analysis project identified 'webpack-cli.legacy' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package.....
AI Score 7.1
Malicious code in fkletbbpoc (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (125b0aa54538899871c0071ae4b76678012092032ff03d6ad08c4ecf1a2fc7d7) The OpenSSF Package Analysis project identified 'fkletbbpoc' @ 0.0.1 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in commentrating (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (87db588ebd8e7a42cbbbbf7fc21caa36fc553172a0ff4c4e9a58ce9354d62e7f) The OpenSSF Package Analysis project identified 'commentrating' @ 99.9.1 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in verycoolzpac2 (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (50b609e8ebccac67716745b1447224238ae17c0a78499f90c48aa684d971cded) The OpenSSF Package Analysis project identified 'verycoolzpac2' @ 0.0.3 (npm) as malicious. It is considered malicious because: - The package...
AI Score 6.9
Malicious code in idcs-dialog (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (1f9e71c07d690c8293d57afe2530d560684f82b76c844f9904256c1d330fc5af) The OpenSSF Package Analysis project identified 'idcs-dialog' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a non-project member to promote key results to...
CVSS 4.3 | AI Score 6.3 | EPSS 0.0004
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the...
CVSS 8.8 | AI Score 7.8 | EPSS 0.001
Malicious code in smart-commons (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (3d5cef67a87cd4a497f6879379a3829535212f7d703197ce6d3130dd03fd2da6) The OpenSSF Package Analysis project identified 'smart-commons' @ 19.6.1 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in plain-function (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (2e38d4006afc6d5a3ce531ced341af81b57134a68230e68e52122825f587260e) The OpenSSF Package Analysis project identified 'plain-function' @ 20.1.1 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in links-3 (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (870f8306aa2e95828fa2fdd771044248f7d5e8e715304b6818773620e5c7a1b2) The OpenSSF Package Analysis project identified 'links-3' @ 9.0.1 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in spamsynonym (PyPI)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (bbc650ef44d412610406a674ac1fce3dcb717b01d175614f158016f47b53b1ce) The OpenSSF Package Analysis project identified 'spamsynonym' @ 1.1.1 (pypi) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in com.unity.xrtools.spatial-hash (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (efa5d123e10b0da3ed7e7898101f41654aa13a572def7acb40b838e0ef88e74b) The OpenSSF Package Analysis project identified 'com.unity.xrtools.spatial-hash' @ 2.0.0 (npm) as malicious. It is considered malicious because: -.....
AI Score 7.1
Exploit for Heap-based Buffer Overflow in Fortinet Fortiproxy
Usage: python3 cve-2022-42475.py rhost rport lhost 'command'...
CVSS 9.8 | AI Score 10 | EPSS 0.135
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for....
CVSS 7.5 | AI Score 7.6 | EPSS 0.0004
Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1 allows an attacker to leak content of a private repository in a public...
CVSS 7.5 | AI Score 6.3 | EPSS 0.001
Using the Jira Python library to make REST API calls with cookie auth bypasses Jira rate limiting
Issue Summary: When using the open-source Jira Python library (https://github.com/pycontribs/jira) to make REST API calls to Jira, if cookie-based authentication (https://jira.readthedocs.io/examples.html#cookie-based-authentication) is used then Jira's rate limits will be bypassed. This can...
AI Score 6.9
Malicious code in en-calendar (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (0cc66d6eb2f773deb786b69bc29863caf4091bd2bd1f9fe0b7fdaa6fe14aca89) The OpenSSF Package Analysis project identified 'en-calendar' @ 1.0.1 (npm) as malicious. It is considered malicious because: The package executes.....
AI Score 7.4
Malicious code in react-green-ui (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (3109c997fe1ab2888814f3679bf903a97bce7112d5921a921ae0aea7d787fe3d) The OpenSSF Package Analysis project identified 'react-green-ui' @ 10.0.49 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.4
Malicious code in com.unity.test-runner-manual-tests (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (85698be2138d279587657502f67090097d4cbbeb4b05a492c63e318fe69f4560) The OpenSSF Package Analysis project identified 'com.unity.test-runner-manual-tests' @ 2.0.0 (npm) as malicious. It is considered malicious...
AI Score 7.1
Malicious code in afterpay-sdk-example-server (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (555a159aa3b74ea73f8574c05e14aa536948cbe56b0420bcdcc0daa2a911ae2c) The OpenSSF Package Analysis project identified 'afterpay-sdk-example-server' @ 20.0.0 (npm) as malicious. It is considered malicious because: -...
AI Score 7.1
Malicious code in store-js-sdk (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (4462b056f6144f0a42e19147fcc9c5a0277e45631c26bebad88d24513995b773) The OpenSSF Package Analysis project identified 'store-js-sdk' @ 1.0.1 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in bageth (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (e0fb8d217f32446aeb4dbf744d45c5aadd152f0917a228ead1ad0183ac18b995) The OpenSSF Package Analysis project identified 'bageth' @ 2.0.0 (npm) as malicious. It is considered malicious because: The package communicates...
AI Score 7.1
Malicious code in kiln-desktop (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (ef3b624dee4eb3ef776b321ad28eddf3bc2d6cde2852fdcb47b0ef795047c6bf) The OpenSSF Package Analysis project identified 'kiln-desktop' @ 2.2.0 (npm) as malicious. It is considered malicious because: The package...
AI Score 7.1
GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and...
CVSS 4.8 | AI Score 6.8 | EPSS 0.001
Malicious code in cyclotron-svc (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (4f8b0a1aa798da64bb0b8fd50b7a301eb9c0bec31e520948a8b30275bcbe318b) The OpenSSF Package Analysis project identified 'cyclotron-svc' @ 5.0.0 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in smsobfuscate (PyPI)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (fa2efc28ecdebc90e41edd50503e199984f68d05cb13edab8b6e8d503d18e75c) The OpenSSF Package Analysis project identified 'smsobfuscate' @ 1.0.1 (pypi) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in verycoolzpac (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (5375ee65b8d94a515b53e30980d783a66b8f75c2ad0f388f471e41b0dada5587) The OpenSSF Package Analysis project identified 'verycoolzpac' @ 0.39.9999 (npm) as malicious. It is considered malicious because: - The package...
AI Score 6.9
Malicious code in zsbpwebsdktest3 (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (a25d6ab5c8c52c4020f38d78237f6c953a826c3e8abc287370befada0727c50a) The OpenSSF Package Analysis project identified 'zsbpwebsdktest3' @ 9999.9.9 (npm) as malicious. It is considered malicious because: - The package.....
AI Score 7.1
Malicious code in twinmotion (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (0627a5bcf9887521a72abc5568ab4cf60f65b073d5b0b1c5d2978eeb30079cfd) The OpenSSF Package Analysis project identified 'twinmotion' @ 99.1.1 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in testforconfusion (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (0463d945d1cd3398ce2594034fd52775ac94fe411f1cc645f88f757522abfc1b) The OpenSSF Package Analysis project identified 'testforconfusion' @ 1.1.0 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in seafoam-desktop (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (11b7b515412cb320d382cffb4a3abe4fa232556d7db6ac3dde904bd295b279a3) The OpenSSF Package Analysis project identified 'seafoam-desktop' @ 10.0.0 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in compositionupdate (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (609e73b696d2a84c8c2169afde78694231815b46be300710ddf913fed7c63d1b) The OpenSSF Package Analysis project identified 'compositionupdate' @ 88.8.8 (npm) as malicious. It is considered malicious because: - The package.....
AI Score 7.1
Malicious code in egstore-carousel (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (e32b3c589f221c9b4e1d86be2924f6e215e6bf6c03844a5084fb1f04eb33275e) The OpenSSF Package Analysis project identified 'egstore-carousel' @ 99.2.2 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in dist-web (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (ff355bd5f2422ce630aeb0652869d4bdaa8f3f18cf576fc60a76588f3acf36b4) The OpenSSF Package Analysis project identified 'dist-web' @ 99.1.1 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in diesel-site (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (bb78d01ad7ff8d210d59657017d35725abab41a1e59657ff43ac4ac0889ac493) The OpenSSF Package Analysis project identified 'diesel-site' @ 99.9.1 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in apache2 (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (12b1a6eed914c86f199b052822217042e2afa047d6b1d9921fd30b56f1e5e650) The OpenSSF Package Analysis project identified 'apache2' @ 1.1.9 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in bistrosk (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (275abca8527ba6a0a29bf30537bad45fb01533a199b59ca9543da88dda4f8334) The OpenSSF Package Analysis project identified 'bistrosk' @ 200.0.3 (npm) as malicious. It is considered malicious because: The package...
AI Score 7.2
Malicious code in eslint-plugin-indeed (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (cd3cf0dfdda3ea0bf705d385efb05c56b971a408c4a0dceef3771d2e474a33e0) The OpenSSF Package Analysis project identified 'eslint-plugin-indeed' @ 99.99.9 (npm) as malicious. It is considered malicious because: - The...
AI Score 7.1
GLPI is a free asset and IT management software package. When authentication is made against an LDAP server, the authentication form can be used to perform LDAP injection. Upgrade to...
CVSS 8.1 | AI Score 7.7 | EPSS 0.001
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer to delete the merge request approval policy via...
CVSS 6.8 | AI Score 6.3 | EPSS 0.0005
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a non-project member to promote key results to...
CVSS 4.3 | AI Score 6.6 | EPSS 0.0004
Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1 allows an attacker to leak content of a private repository in a public...
CVSS 7.5 | AI Score 6.6 | EPSS 0.001
Malicious code in falsepositivecheck6969 (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (cef392714b654bd14df8ba24c491e8844b54e08fee392bff62632f7f3e5d6fa1) The OpenSSF Package Analysis project identified 'falsepositivecheck6969' @ 9999.9.9 (npm) as malicious. It is considered malicious because: - The...
AI Score 7.1
Malicious code in zsbpwebsdktest (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (347bc418b55e9092cd6a48ff3f93f328085fa2c4192ba6dc2c5cf062c3d10c20) The OpenSSF Package Analysis project identified 'zsbpwebsdktest' @ 9999.99.91 (npm) as malicious. It is considered malicious because: - The package....
AI Score 7.1
Malicious code in zsbpwebsdk (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (bf63d69adabe277a69df70ff7c39dd42b81fad4f512f8204458dc438d7edfb7d) The OpenSSF Package Analysis project identified 'zsbpwebsdk' @ 9999.9.9 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in stateful-fastclick (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (5a06e5b71a04fa67ca20937e8e438c638644db87d181799a046d22c568e6c4c5) The OpenSSF Package Analysis project identified 'stateful-fastclick' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package.....
AI Score 7.1