10 matches found
TYPO3 CMS Security Vulnerability
TYPO3 CMS is a content management system from the TYPO3 open source project. A security vulnerability exists in TYPO3 CMS; it stems from a deserialization flaw in mail file staging and could lead to arbitrary PHP code execution. The following versions are affected: 10.0.0 to 10.4.54...
EUVD-2025-6927
Malicious code in bioql PyPI...
CVE-2024-8055
Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in its file staging operations using the PUT and COPY commands. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, such as /etc/passwd, by exploiting the exposed SQL queries...
CVE-2024-8055
Viena CVE-2024-8055 affects Vanna v0.6.3. It describes an SQL injection in Snowflake-based file staging (PUT/COPY) that can be triggered via a Python Flask API, enabling an unauthenticated remote actor to read arbitrary local files (e.g., /etc/passwd). Connected sources confirm the vulnerable com...
Vanna Information Disclosure Vulnerability
Vanna is a personalized AI SQL agent from Vanna Inc. An information disclosure vulnerability exists in Vanna version v0.6.3, which stems from an SQL injection via the Snowflake database during file staging operations using the PUT and COPY commands, allowing an unauthenticated remote user to read...
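The three CVE-2024-8055 entries above describe the same mechanism: a request parameter reaches a Snowflake PUT statement, and because PUT uploads a file from the machine running the client, the requester picks which server-side file is staged and later read back with COPY or SELECT. The block below is an added illustration, not code from Vanna or from the advisories; it places the unsafe string-building pattern next to a hardened builder. The stage name, upload directory and function names are assumptions for the example.

```python
import os
import re

# Added illustration, not Vanna's code or the advisory's proof of concept.
# Snowflake PUT reads the named file on the client machine, so an unvalidated
# path in the statement lets a remote caller stage arbitrary local files.
STAGE = "@~/uploads"                 # assumed internal stage
ALLOWED_DIR = "/srv/app/uploads"     # assumed directory the API may upload from


def build_put_vulnerable(user_path: str) -> str:
    """The unsafe pattern: the caller's value lands in the statement verbatim."""
    return f"PUT file://{user_path} {STAGE} AUTO_COMPRESS=FALSE"


class UnsafePathError(ValueError):
    """Raised when a requested file is outside the permitted upload directory."""


# One or more plain path segments; no spaces, quotes, wildcards or separators
# that could close the quoted literal or start a second statement.
_RELATIVE_PATH = re.compile(r"^(?:[A-Za-z0-9_-]+/)*[A-Za-z0-9._-]+$")


def resolve_upload_path(user_path: str, allowed_dir: str = ALLOWED_DIR) -> str:
    """Map a request-supplied relative name onto a file under allowed_dir.

    Two independent checks: a character allow-list (the value cannot break out
    of the quoted literal) and a canonical-path containment check (a trailing
    '..' segment passes the regex but cannot climb out of the directory).
    """
    if not _RELATIVE_PATH.fullmatch(user_path):
        raise UnsafePathError(f"rejected file name {user_path!r}")
    base = os.path.normpath(allowed_dir)
    candidate = os.path.normpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePathError(f"{user_path!r} escapes {allowed_dir}")
    return candidate


def is_permitted(user_path: str, allowed_dir: str = ALLOWED_DIR) -> bool:
    """True if the name would be accepted by the hardened builder."""
    try:
        resolve_upload_path(user_path, allowed_dir)
        return True
    except UnsafePathError:
        return False


def build_put_safe(user_path: str, allowed_dir: str = ALLOWED_DIR) -> str:
    """Hardened builder: validated path, emitted as a single-quoted literal."""
    path = resolve_upload_path(user_path, allowed_dir)
    return f"PUT 'file://{path}' {STAGE} AUTO_COMPRESS=FALSE"


if __name__ == "__main__":
    # Constructed inputs: a benign upload and the kind of values an attacker sends.
    print(build_put_vulnerable("/etc/passwd"))      # the server's own file is staged
    print(build_put_safe("2024/report.csv"))
    for bad in ("/etc/passwd", "../../../etc/passwd", "..", "x' @~ ; DROP TABLE t; --"):
        print(bad, "->", "allowed" if is_permitted(bad) else "blocked")
```

PUT does not take bind variables for the file path, so the defence is on the path itself: an allow-list of characters plus a containment check on the canonical path, with the literal quoted. The same treatment applies to the stage path in the COPY statement that reads the file back.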
Lancefly APT Group Deploys Custom Backdoor ‘Merdoor’ in Targeted Attacks
Actor Report. Summary: The Lancefly APT group targets South and Southeast Asia using the Merdoor backdoor and an updated ZXShell rootkit. Their attack chain involves credential theft, lateral movement, file staging, and...
CVE-2022-0130
Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server root of the Tenable....
Turla's 'Crutch' Backdoor Leverages Dropbox in Espionage Attacks
Researchers have discovered a previously undocumented backdoor and document stealer, which they have linked to the Russian-speaking Turla advanced persistent threat (APT) espionage group. The malware, which researchers call "Crutch," is able to bypass security measures by abusing legitimate tools –...
How we Developed a Unified Binary Store (UBS): Part 1
Like most technology companies, VMware Carbon Black has a combination of acquired and built technologies that all utilize their own data stores. As our products have evolved to include the benefits of a centralized cloud offering, our data stores needed to similarly evolve. A new goal was formed:...
com.ge.research.semtk:arangoDbService (=2.2.2), com.ge.research.semtk:athenaService (=2.2.2) +74 more potentially affected by CVE-2016-3083 via org.apache.hive:hive-service (>=0.8.0 <=1.2.1)
org.apache.hive:hive-service (Maven) version =0.8.0, =2.2.1, =2.2.1, =2.2.1, =2.2.2 - com.ge.research.semtk:sparqlGraphResultsService =2.2.2 and more. Source CVEs: CVE-2016-3083. Source advisory: OSV:GHSA-GF2V-9HP6-44QG...