CVE-2023-45859

In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster...

Spring Session Hazelcast: Now Led by Hazelcast Team

It gives me great pleasure to announce that the Spring Session Hazelcast project will now be led by the Hazelcast Team. NOTE: This announcement is in alignment with our announcement Spring Session MongoDB: Now Led by MongoDB Team. For ten years Spring Session has provided the infrastructure for...

EUVD-2013-5770

Malware in sbrugna...

EUVD-2013-5769

Malware in sbrugna...

EUVD-2013-5040

Malware in sbrugna...

EUVD-2020-18793

Malware in sbrugna...

EUVD-2018-2726

Malware in sbrugna...

EUVD-2022-4434

Malicious code in bioql PyPI...

EUVD-2023-1474

Malicious code in bioql PyPI...

EUVD-2022-7594

Malicious code in bioql PyPI...

EUVD-2024-54429

Malicious code in bioql PyPI...

EUVD-2022-1392

Malicious code in bioql PyPI...

EUVD-2023-2023

Malicious code in bioql PyPI...

MAL-2025-25974 Malicious code in marudor-hazelcast-client (npm)

The package marudor-hazelcast-client was found to contain malicious code...

MAL-2025-27609 Malicious code in node-cache-manager-hazelcast (npm)

The package node-cache-manager-hazelcast was found to contain malicious code...

Malicious code in marudor-hazelcast-client (npm)

The package marudor-hazelcast-client was found to contain malicious code...

Malicious code in node-cache-manager-hazelcast (npm)

The package node-cache-manager-hazelcast was found to contain malicious code...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the restful api-v1 endpoint. An attacker can gain unauthorized access to sensitive operations by submitting jobs through the /hazelcast/rest/maps/submit-job endpoint and setting extra...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the restful api-v1 endpoint. An attacker can gain unauthorized access to sensitive operations by submitting jobs through the /hazelcast/rest/maps/submit-job endpoint and setting extra...

CVE-2023-33265

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted...