204 matches found
GHSA-C43Q-5HPJ-4CRV vulnerabilities
Vulnerabilities for packages: cassandra-reaper...
CVE-2015-0886 vulnerabilities
Vulnerabilities for packages: cassandra-reaper...
GHSA-J26W-F9RQ-MR2Q vulnerabilities
Vulnerabilities for packages: cassandra-reaper...
GHSA-9H6P-92JQ-888X vulnerabilities
Vulnerabilities for packages: cassandra-reaper...
CVE-2024-9823 vulnerabilities
Vulnerabilities for packages: cassandra-reaper...
CVE-2021-28168 vulnerabilities
Vulnerabilities for packages: cassandra-reaper...
CVE-2021-28168 vulnerabilities
Vulnerabilities for packages: cassandra-reaper...
GHSA-C43Q-5HPJ-4CRV vulnerabilities
Vulnerabilities for packages: cassandra-reaper...
Magento SessionReaper
This module exploits CVE-2025-54236 SessionReaper, a critical vulnerability in Magento/Adobe Commerce that allows unauthenticated remote code execution. The vulnerability stems from improper handling of nested deserialization in the payment method context, combined with an unauthenticated file...
CVE-2025-12816 affecting package reaper for versions less than 3.1.1-21
CVE-2025-12816 affecting package reaper for versions less than 3.1.1-21. A patched version of the package is available...
CVE-2025-66031 affecting package reaper for versions less than 3.1.1-21
CVE-2025-66031 affecting package reaper for versions less than 3.1.1-21. A patched version of the package is available...
CVE-2025-66030 affecting package reaper for versions less than 3.1.1-21
CVE-2025-66030 affecting package reaper for versions less than 3.1.1-21. A patched version of the package is available...
CVE-2018-19827 affecting package reaper for versions less than 3.1.1-20
CVE-2018-19827 affecting package reaper for versions less than 3.1.1-20. A patched version of the package is available...
CVE-2018-19797 affecting package reaper for versions less than 3.1.1-20
CVE-2018-19797 affecting package reaper for versions less than 3.1.1-20. A patched version of the package is available...
AZL-71134 CVE-2025-66031 affecting package reaper for versions less than 3.1.1-21
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...
AZL-71131 CVE-2025-66030 affecting package reaper for versions less than 3.1.1-21
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...
AZL-71125 CVE-2025-12816 affecting package reaper for versions less than 3.1.1-21
An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...
A week in security (October 20 – October 26)
Last week on Malwarebytes Labs: Is AI moving faster than its safety net? Thousands of online stores at risk as SessionReaper attacks spread Apple may have to open its walled garden to outside app stores Meta boosts scam protection on WhatsApp and Messenger Home Depot Halloween phish gives users a...
Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw
E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source platforms, with more than 250 attack attempts recorded against multiple stores over the past 24 hours. The vulnerability in...
EUVD-2018-1875
Malware in sbrugna...