Lucene search

7647 matches found

OSSF Malicious Packages
added 2024/10/09 7:04 a.m., 4 views

Malicious code in working-today--soft-aim-fortnite-down-lo-ad-pc-esp-aimbot-undetected-2023-41etdn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0d8a9f0993744d4972cdf5e672ed1837953cea1a52c4cc63a83e24184de071ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1

OSSF Malicious Packages
added 2024/10/09 5:06 a.m., 5 views

Malicious code in snyk.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 76c8b0ab07e37f58fd612860770162ef6e593d6f155a12952b7eafe0afa9ffdd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1

RedHat Linux
added 2024/10/07 12:50 p.m., 31 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.12 security, enhancement & bug fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.13.12 on Red Hat Enterprise Linux 9 from Red Hat Container Registry. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation...

CVSS: 6, AI score: 6.7, EPSS: 0.00355
Exploits: 0, References: 4

OSV
added 2024/10/04 7:09 a.m., 20 views

BIT-JENKINS-2024-47804

If an attempt is made to create an item of a type prohibited by ACL#hasCreatePermission2 or TopLevelItemDescriptor#isApplicableInItemGroup through the Jenkins CLI or the REST API and either of these checks fail, Jenkins LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk,...

CVSS: 4.3, AI score: 5.5, EPSS: 0.00684
Exploits: 0, References: 2

The Hacker News
added 2024/10/02 12:13 p.m., 40 views

Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit

Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external...

CVSS: 9.8, AI score: 8.2, EPSS: 0.99994
Exploits: 38

Positive Technologies
added 2024/10/02 12:00 a.m., 4 views

PT-2025-2095 · Drupal · Drupal Persistent Login

Name of the Vulnerable Software and Affected Versions: Drupal Persistent Login versions 0.0.0 through 1.8.0; Drupal Persistent Login versions 2.0. through 2.2.2. Description: The issue is related to insufficient session expiration in the Drupal Persistent Login module, allowing for forceful browsin...

CVSS: 9.8, AI score: 7.2, EPSS: 0.00394
Exploits: 0, References: 4

Drupal
added 2024/10/02 12:00 a.m., 9 views

Persistent Login - Moderately critical - Access bypass - SA-CONTRIB-2024-044

This module enables users to remain logged in separately from session timeouts. The module doesn't sufficiently check a user's disabled status when validating cookies. This vulnerability is mitigated by the fact that an attacker must have an unexpired cookie from a previous successful login...

CVSS: 9.8, AI score: 6.9, EPSS: 0.00394
Exploits: 0, References: 7

Patchstack
added 2024/10/02 12:00 a.m., 3 views

Drupal Persistent Login module < 1.8.0,2.2.0-2.2.1,2.0,2.1 - Authenticated Broken Access Control vulnerability

Authenticated Broken Access Control vulnerability discovered by Geoff Appleby in WordPress Module Persistent Login versions 1.8.0,2.2.0-2.2.1,2.0,2.1...

AI score: 7
Exploits: 0, References: 1, Affected Software: 1

Schneier on Security
added 2024/10/01 11:07 a.m., 8 views

Hacking ChatGPT by Planting False Memories into Its Data

This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user. A researcher found that he could use that feature to plant "false memories" into that context window that could...

AI score: 6.7
Exploits: 0

Vulnrichment
added 2024/09/27 5:38 p.m., 14 views

CVE-2024-39275 Advantech ADAM-5630 Use of Persistent Cookies Containing Sensitive Information

Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user...

CVSS: 8.5, AI score: 6.7, EPSS: 0.00394
Exploits: 0, References: 1

Cvelist
added 2024/09/27 5:38 p.m., 24 views

CVE-2024-39275 Advantech ADAM-5630 Use of Persistent Cookies Containing Sensitive Information

Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user...

CVSS: 8.5, EPSS: 0.00394
Exploits: 0, References: 1

The Hacker News
added 2024/09/25 11:47 a.m., 16 views

ChatGPT macOS Flaw Could've Enabled Long-Term Spyware via Memory Function

A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool's memory. The technique, dubbed SpAIware, could be abused to facilitate "continuous data exfiltration of...

AI score: 6.6
Exploits: 0

The Hacker News
added 2024/09/19 1:27 p.m., 14 views

New TeamTNT Cryptojacking Campaign Targets CentOS Servers with Rootkit

The cryptojacking operation known as TeamTNT has likely resurfaced as part of a new campaign targeting Virtual Private Server (VPS) infrastructures based on the CentOS operating system. "The initial access was accomplished via a Secure Shell (SSH) brute force attack on the victim's assets, during whi...

AI score: 7.9
Exploits: 0

OSSF Malicious Packages
added 2024/09/18 11:39 p.m., 3 views

Malicious code in ttuiooty (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b275fd67a527aba9922dae957015a4e562bebb7e05e51f034b1ac179723b0ff0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 3

RedHat Linux
added 2024/09/18 11:56 a.m., 28 views

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.16.2 security and bug fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.16.2 on Red Hat Enterprise Linux 9 from Red Hat Container Registry. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation...

CVSS: 7.5, AI score: 7.2, EPSS: 0.03796
Exploits: 3, References: 27

SUSE CVE
added 2024/09/14 2:50 a.m., 1 view

SUSE CVE-2024-46710

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Prevent unmapping active read buffers. The kms paths keep a persistent map active to read and compare the cursor buffer. These maps can race with each other in simple scenario where: a buffer "a" mapped for update b...

CVSS: 5.5, AI score: 6.5, EPSS: 0.00209
Exploits: 0, References: 11

Japan Vulnerability Notes
added 2024/09/12 3:23 a.m., 3 views

Falsification and eavesdropping of contents across multiple websites via Web Rehosting services

Overview: Researchers at NTT Secure Platform Laboratories and Waseda University have identified multiple security issues that lead to content being tampered with and eavesdropped on a service called Web Rehosting. These issues have been published in NDSS 2020. "Web Rehosting" is the name of a grou...

AI score: 6.8
Exploits: 0, References: 2

Github Security Blog
added 2024/09/10 3:53 p.m., 16 views

auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped

Summary: Unescaped entity property enables Javascript injection. Details: I think this is possible because %sourcelabel% in twig macro is not escaped. Therefore script tags can be inserted and are executed. PoC: - clone example project https://github.com/DamienHarper/auditor-bundle-demo - create...

CVSS: 8.2, AI score: 6.8, EPSS: 0.00421
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2024/09/10 3:53 p.m., 12 views

GHSA-78VG-7V27-HJ67 auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped

Summary: Unescaped entity property enables Javascript injection. Details: I think this is possible because %sourcelabel% in twig macro is not escaped. Therefore script tags can be inserted and are executed. PoC: - clone example project https://github.com/DamienHarper/auditor-bundle-demo - create...

CVSS: 8.2, AI score: 7, EPSS: 0.00421
Exploits: 0, References: 5

RedHat Linux
added 2024/09/10 2:19 p.m., 4 views

Apache-ZooKeeper: Apache ZooKeeper: Information disclosure in persistent watcher handling

A flaw was found in the Apache Zookeeper package. Affected versions of this package are vulnerable to Information Exposure due to a missing ACL check in the handling of persistent watchers. An attacker can monitor child znodes by attaching a persistent watcher (addWatch command) to a parent node th...

CVSS: 5.3, AI score: 7.2, EPSS: 0.00244
Exploits: 0, References: 6