
4197 matches found

RedHat Linux
added 2025/09/24 3:40 p.m. | 6 views

cups: Authentication Bypass in CUPS Authorization Handling

A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize...

CVSS 8 | AI score 7.1 | EPSS 0.00964
Exploits 1 | References 5

Fedora
added 2025/09/23 12:16 a.m. | 8 views

[SECURITY] Fedora 43 Update: perl-Catalyst-Authentication-Credential-HTTP-1.019-1.fc43

This module lets you use HTTP authentication with Catalyst::Plugin::Authentication. Both basic and digest authentication are currently supported...

CVSS 8.6 | AI score 7.2 | EPSS 0.00388
Exploits 0

Gitee
added 2025/09/22 1:2 a.m. | 163 views

security-guide-for-developers

This is a security guide for web developers, covering various security topics such as authentication, authorization, data validation, and encryption. The guide is divided into several sections, including a security checklist, authentication and authorization, data validation and sanitation, and...

AI score 6.7
Exploits 0

Microsoft CVE
added 2025/09/21 8:3 a.m. | 5 views

wifi: cfg80211: fix use-after-free in cmp_bss()

...

CVSS 7.8 | AI score 6.8 | EPSS 0.00152
Exploits 0

Packet Storm News
added 2025/09/20 12:0 a.m. | 3 views

"Digital Camouflage": the LLVM Challenge in LLM-Based Malware Detection

Large Language Models (LLMs) have emerged as promising tools for malware detection by analyzing code semantics, identifying vulnerabilities, and adapting to evolving threats. However, their reliability under adversarial compiler-level obfuscation is yet to be discovered. In this study, we empirical...

AI score 7.2
Exploits 0

OSV
added 2025/09/18 4:35 a.m. | 1 views

SUSE-SU-2025:03261-1 Security update for cups

This update for cups fixes the following issues: - CVE-2024-47175: no validation of IPP attributes in ppdCreatePPDFromIPP2 when writing to a temporary PPD file allows for the injection of attacker-controlled data to the resulting PPD bsc1230932. - CVE-2025-58060: no password check when AuthType i...

CVSS 9.8 | AI score 7.4 | EPSS 0.73062
Exploits 7 | References 8

Github Security Blog
added 2025/09/17 8:2 p.m. | 8 views

Dragonfly vulnerable to timing attacks against Proxy’s basic authentication

Impact: The access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time by sending all possible characters to a vulnerable mechanism and measuring the comparison...

CVSS 6.9 | AI score 7.1 | EPSS 0.00315
Exploits 0 | References 5 | Affected Software 2

OSV
added 2025/09/17 5:58 a.m. | 2 views

MAL-2025-47420 Malicious code in @basic-ui-components-stc/basic-ui-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c7cc4b06e4071b6e4613358e926ea521ee3acb2223670ed3783c57abb5c0567 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 6

GitLab Advisory Database
added 2025/09/17 12:0 a.m. | 8 views

Dragonfly vulnerable to timing attacks against Proxy’s basic authentication

The access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time by sending all possible characters to a vulnerable mechanism and measuring the comparison instruction’...

CVSS 6.9 | AI score 7.1 | EPSS 0.00315
Exploits 0 | References 6 | Affected Software 1

Tenable Nessus
added 2025/09/17 12:0 a.m. | 3 views

SUSE SLES15 / openSUSE 15 Security Update : rabbitmq-server313 (SUSE-SU-2025:03234-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03234-1 advisory. - CVE-2025-50200: Fixed logging of Basic Auth header from an HTTP request bsc1245105 - Fixed bad logrotate configuration...

CVSS 6.7 | AI score 5.5 | EPSS 0.00194
Exploits 1 | References 5

Fedora
added 2025/09/16 1:15 a.m. | 6 views

[SECURITY] Fedora 42 Update: perl-Catalyst-Authentication-Credential-HTTP-1.019-1.fc42

This module lets you use HTTP authentication with Catalyst::Plugin::Authentication. Both basic and digest authentication are currently supported...

CVSS 8.6 | AI score 7.2 | EPSS 0.00388
Exploits 0

SUSE Linux
added 2025/09/15 1:23 p.m. | 3 views

Security update for rabbitmq-server313

This update for rabbitmq-server313 fixes the following issues: CVE-2025-50200: Fixed logging of Basic Auth header from an HTTP request bsc1245105 Fixed bad logrotate configuration allowing potential escalation from rabbitmq to root bsc1246091 Patch Instructions: To install this SUSE update use th...

CVSS 6.7 | AI score 7.2 | EPSS 0.00194
Exploits 1 | References 6

OSV
added 2025/09/15 2:12 a.m. | 2 views

MAL-2025-47174 Malicious code in basic-pump-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bc10b9f2bba8789f982dedfa26ff72ba0c4149b11d522b1d60523fac65c58419 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 1

OSSF Malicious Packages
added 2025/09/15 2:12 a.m. | 3 views

Malicious code in basic-pump-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bc10b9f2bba8789f982dedfa26ff72ba0c4149b11d522b1d60523fac65c58419 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 1

Snyk
added 2025/09/15 2:12 a.m. | 1 views

Malicious Package

Overview: basic-pump-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits 0 | References 2

OSSF Malicious Packages
added 2025/09/15 2:12 a.m. | 2 views

Malicious code in basic-validator-pro (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a065e2ce3dcaa4245e9bd8873e7878385dbe7a3fe9aa7276ae5ac89686209889 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 3

OSV
added 2025/09/15 2:12 a.m. | 2 views

MAL-2025-47175 Malicious code in basic-validator-pro (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a065e2ce3dcaa4245e9bd8873e7878385dbe7a3fe9aa7276ae5ac89686209889 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 3

Gitee
added 2025/09/14 4:16 p.m. | 86 views

scripts

This repository contains a collection of scripts written by AverageSecurityGuy for use in penetration testing engagements. The scripts are categorized into various folders, each containing a specific type of script, such as password brute forcing, cloud interaction, database testing, enumeration,...

AI score 7
Exploits 0

GithubExploit
added 2025/09/14 1:32 p.m. | 133 views

Ring-Selector-Bios-Kernel-Smm-Exploit-

Ring-S...

AI score 7.1
Exploits 0

Cvelist
added 2025/09/14 3:32 a.m. | 23 views

CVE-2025-10388 Selleo Mentingo Create New Course Basic Settings enroll-course cross site scripting

A vulnerability was identified in Selleo Mentingo 2025.08.27. This issue affects some unknown processing of the file /api/course/enroll-course of the component Create New Course Basic Settings. Such manipulation of the argument Description leads to cross site scripting. The attack can be launched...

CVSS 5.1 | EPSS 0.00233
Exploits 0 | References 4