CVE-2024-10073

flairNLP flair 0.14.0 is affected by a code-injection vulnerability in the ClusteringModel function located in flair/models/clustering.py (Mode File Loader). The issue allows remote code execution and is described as high severity; attack complexity is listed as high and exploitation has been dis...

SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack

An advanced persistent threat APT actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as...

PT-2024-16009 · Flairnlp · Flairnlp

Name of the Vulnerable Software and Affected Versions: flairNLP flair version 0.14.0 Description: A critical vulnerability was found in the function ClusteringModel of the file flairmodelsclustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to...

Malicious code in github-loader (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-9643 Malicious code in github-loader (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in code-file-loader (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-9559 Malicious code in code-file-loader (npm)

--- -= Per source details. Do not edit below this line.=-...

Apache Solr 安全漏洞

Apache Solr is the United States Apache Apache Foundation of a search server based on Lucene a full-text search engine. The product supports level search , vertical search , highlighting search results and so on. A code issue vulnerability exists in Apache Solr, which stems from the presence of a...

Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates

Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates. French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an...

GHSA-G77X-44XX-532M Denial of Service condition in Next.js image optimization

Impact The image optimization feature of Next.js contained a vulnerability which allowed for a potential Denial of Service DoS condition which could lead to excessive CPU consumption. Not affected: - The next.config.js file is configured with images.unoptimized set to true or images.loader set to...

GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks

A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. "In this campaign,...

Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms

Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented...

Command Injection

@saltcorn/plugins-loader is vulnerable to command injection. The vulnerability is due to the lack of input validation on the user-controlled value req.body.name, allows users with admin permissions to manipulate the input by adding escaping characters, thereby executing arbitrary commands when th...

SUSE CVE-2024-38796

EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage. An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability...

UBUNTU-CVE-2024-38796

EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage. An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability...

CVE-2024-46826

In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomizevaspace double read ELF loader uses "randomizevaspace" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly on...

CVE-2024-46826

In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomizevaspace double read ELF loader uses "randomizevaspace" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly on...

DEBIAN-CVE-2024-46826

In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomizevaspace double read ELF loader uses "randomizevaspace" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly on...

UBUNTU-CVE-2024-46826

In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomizevaspace double read ELF loader uses "randomizevaspace" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly on...

CVE-2024-46826

The CVE-2024-46826 issue is a concrete Linux kernel vulnerability where the ELF loader uses kernel.randomize_va_space twice, allowing potential inconsistency of the randomization value across an exec. The root cause is a double read of the sysctl value, which can change over time, potentially cau...