GHSA-PXH5-6RRC-8RJV OpenTofu: Excessive resource usage in "tofu init" when installing dependencies from attacker-controlled server

Impact Unauthenticated denial of service. Summary When installing provider or module packages from attacker-controlled servers, the server may cause tofu initto enter an infinite loop sending garbage data to that server. Those who depend on modules or providers served from untrusted third-party...

OpenTofu: Excessive resource usage in "tofu init" when installing dependencies from attacker-controlled server

Impact Unauthenticated denial of service. Summary When installing provider or module packages from attacker-controlled servers, the server may cause tofu initto enter an infinite loop sending garbage data to that server. Those who depend on modules or providers served from untrusted third-party...

Command injection via malicious Perforce source reference/url

Impact The Perforce::syncCodeBase method appended the $sourceReference parameter to a shell command without proper escaping, allowing an attacker to inject arbitrary commands through a crafted source reference containing shell metacharacters. Further as in GHSA-wg36-wvj6-r67p / CVE-2026-40176 the...

MAL-2025-49100 Malicious code in dynamic-import-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security e6f301178847664c047f34b5ce64b443f6162b3a0c5113fed22a3a9d1bfcd793 This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on...

EUVD-2022-0202

Malicious code in bioql PyPI...

Exploit for Server-Side Request Forgery in Havocframework Havoc

CVE-2024-41570 | Havoc C2 SSRF with RCE | Automated Reverse Sh...

Exploit for SQL Injection in Microsoft

CVE-2024-43468 SCCM SQL Injection Exploit mTLS client certs f...

PT-2024-16629 · WordPress · Tutor Lms Elementor Addons

Name of the Vulnerable Software and Affected Versions: Tutor LMS Elementor Addons plugin for WordPress versions up to, and including, 2.1.5 Description: The issue is related to a missing capability check on the install etlms dependency plugin function, allowing authenticated attackers with...

Exploit for Path Traversal in Igniterealtime Openfire

CVE-2023-32315-POC CVE-2023-32315-Openfire-Bypass-Py O...

rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source

A flaw was found in the way Bundler determined the source repository when installing dependencies of source-restricted gem packages. In configurations that use multiple gem repositories and explicitly define from which source repository certain gems are to be installed, a dependency of a...

ROS-2-808

2.808 Denial of Service in Open vSwitch CVE-2020-35498 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial-of-service DoS attack.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: BDU:2021-01134 2. Possible measures to...

CVE-2021-43616

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...

Mediator - An Extensible, End-To-End Encrypted Reverse Shell With A Novel Approach To Its Architecture

Mediator is an end-to-end encrypted reverse shell in which the operator and the shell connect to a "mediator" server that bridges the connections. This removes the need for the operator/handler to set up port forwarding in order to listen for the connection. Mediator also allows you to create...

ROS-2-1279

2.1279 Denial of Service in Libxml2 CVE-2021-3541 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial of service DoS attack. The vulnerability exists due to insufficient validation of user input. A remote attacker can pass specially crafted input data to a...

Man-in-the-Middle (MitM)

openapi-generator is vulnerable to man-in-the-middle attacks. Resolved dependencies in build.gradle, build.gradle.mustache and build.sbt are performed over an unencrypted HTTP channel, which would allow a remote attacker to intercept and modify network traffic during the installation of...

Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support

Easily turn single threaded command line applications into fast, multi threaded application with CIDR and glob support. Setup Install using: $ python3 setup.py install Dependencies will then be installed and Interlace will be added to your path as interlace. Usage Argument | Description ---|--- -...

Exploit for Race Condition in Openbsd Openssh

CVE-2018-15473-Exploit On August 15th, 2018, the following adv...

Portia - Automate Techniques Commonly Performed On Internal Network Penetration Tests

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised: Privilege escalation Lateral movement Convenience modules Portia is a genus of jumping spider that feeds on other spiders - known for their...

DNS Analysis Tool: Bluto

The target domain is queried for MX and NS records. Sub-domains are passively gathered via NetCraft. The target domain NS records are each queried for potential Zone Transfers. If none of them gives up their spinach, Bluto will attempt to identify if SubDomain Wild Cards are being used. If they a...