14 matches found

The Hacker News
added 6 days ago · 20 views

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of "Sicoob.Sdk"...

AI score 6 · Exploits 0

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2021-9382

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.00225
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-43228

Malicious code in bioql PyPI...

CVSS 4.8 · AI score 5.3 · EPSS 0.00203
Exploits 2 · References 1

OSV
added 2025/09/19 3:26 p.m. · 3 views

CVE-2025-39862 wifi: mt76: mt7915: fix list corruption after hardware restart

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix list corruption after hardware restart Since stations are recreated from scratch, all lists that wcids are added to must be cleared before calling ieee80211_restart_hw. Set wcid->sta = 0 for each wcid entry i...

CVSS 7.8 · AI score 6.3 · EPSS 0.00021
Exploits 0 · References 5

CVE
added 2024/10/16 4:41 p.m. · 44 views

CVE-2024-4211

CVE-2024-4211 affects OpenText Application Automation Tools (v24.1.0 and below). Root cause: improper validation of input quantity coupled with multiple missing permission checks in ALM job configuration. Impact: users with Overall/Read permission could enumerate ALM server names, usernames and c...

CVSS 2.4 · AI score 4.8 · EPSS 0.0016
Exploits 0 · References 1 · Affected Software 1

Tenable Nessus
added 2024/01/03 12:0 a.m. · 28 views

GitLab 14.1 < 14.1.2 (CVE-2021-22236)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1...

CVSS 8.8 · AI score 7.9 · EPSS 0.00225
Exploits 0 · References 3

OSV
added 2022/12/05 5:15 p.m. · 1 views

CVE-2022-3892

The WP OAuth Server OAuth Authentication WordPress plugin before 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.8 · AI score 5.8
Exploits 0 · References 1

Prion
added 2022/12/05 5:15 p.m. · 7 views

Cross site scripting

The WP OAuth Server OAuth Authentication WordPress plugin before 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.3 · AI score 4.7 · EPSS 0.00203
Exploits 2 · References 1 · Affected Software 1

Cvelist
added 2022/12/05 4:50 p.m. · 16 views

CVE-2022-3892 WP OAuth Server < 4.2.2 - Admin+ Stored XSS

The WP OAuth Server OAuth Authentication WordPress plugin before 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 5 · EPSS 0.00203
Exploits 2 · References 1

Positive Technologies
added 2022/12/05 12:0 a.m. · 2 views

PT-2022-24617 · WordPress · Wp Oauth Server

Name of the Vulnerable Software and Affected Versions: WP OAuth Server OAuth Authentication versions prior to 4.2.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for examp...

CVSS 4.8 · AI score 4.7 · EPSS 0.00203
Exploits 2 · References 5

Cvelist
added 2021/08/25 6:39 p.m. · 19 views

CVE-2021-22236

Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1...

CVSS 5.5 · AI score 8.6 · EPSS 0.00225
Exploits 0 · References 2

Positive Technologies
added 2021/08/25 12:0 a.m. · 3 views

PT-2021-6756 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.1 and later Description: The issue is related to the improper handling of OAuth client IDs, which causes new subscriptions to generate OAuth tokens on an incorrect OAuth client application. This can allow a remote...

CVSS 9 · AI score 8.2 · EPSS 0.00225
Exploits 0 · References 14

OSV
added 2020/02/07 12:57 p.m. · 5 views

SUSE-SU-2020:0370-1 Security update for wicked

This update for wicked fixes the following issues: - CVE-2019-18903: Fixed a use-after-free when receiving invalid DHCP6 IAPD option bsc1160904. - CVE-2020-7217: Fixed a memory leak in DHCP4 fsm when processing packets for other client ids bsc1160906...

CVSS 9.8 · AI score 8.5 · EPSS 0.02819
Exploits 0 · References 5

Tenable Nessus
added 2019/10/07 12:0 a.m. · 31 views

Fedora 29 : mosquitto (2019-d99e2329cb)

1.6.7 ===== Broker : - Add workaround for working with libwebsockets 3.2.0. - Fix potential crash when reloading config. Client library : - Don't use / in autogenerated client ids, to avoid confusing with topics. - Fix mosquitto_max_inflight_messages_set and mosquitto_int_option..., MOSQOPTMAX,...

CVSS 6.5 · AI score 6.9 · EPSS 0.16327
Exploits 0 · References 2