1748 matches found
GlassWorm attack installs fake browser extension for surveillance
GlassWorm hides inside developer tools. Once it's in, it steals data, installs remote access malware, and even a fake browser extension to monitor activity. While it starts with developers, the impact can quickly spread. With stolen credentials, access tokens, and compromised tools, attackers can...
PT-2026-28288
Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description The software contains hardcoded sensitive data, potentially allowing an attacker to gain access to the source code. If the source code is stored in insecure repositories, the...
CVE-2026-33353
CVE-2026-33353 affects Soft Serve: from v0.6.0 to before v0.11.6 an authorization flaw in repo import permits any authenticated SSH user to clone a server-local Git repository (even another user’s private repo) into a new repository under their control. The issue is mitigated by upgrading to v0.1...
CVE-2026-33353 Soft Serve: Authenticated repo import can clone server-local private repositories
Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...
CVE-2026-33353
Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...
EUVD-2026-14013
Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...
CVE-2026-33353 Soft Serve: Authenticated repo import can clone server-local private repositories
Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...
CVE-2026-33353 Soft Serve: Authenticated repo import can clone server-local private repositories
Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the repo import process. An attacker can access unauthorized server-local private repositories by initiating a clone operation after authenticating. Remediation Upgrade...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the repo import process. An attacker can access unauthorized server-local private repositories by initiating a clone operation after authenticating. Remediation Upgrade...
GO-2026-4788 In Soft Serve, an authenticated repo import can clone server-local private repositories in github.com/charmbracelet/soft-serve
In Soft Serve, an authenticated repo import can clone server-local private repositories in github.com/charmbracelet/soft-serve...
DSpace 9.2 REST API Automated Document Discovery and Download
This is a framework for collecting data from DSpace systems. Built using Selenium, it is designed to automatically discover and download documents from web repositories and public portals...
MAL-2026-2117 Malicious code in tui-ascii-art (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4358458e150317ab394c6dd2d0137a8c395a32bae309cc1bfd829f123dab1393 These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious...
Malicious code in indpack (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 85f1ca1d5abdcf2139039fc5e8a08068a8c2cacca8a31fed38fbde74f7b8c04d These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious...
MAL-2026-2114 Malicious code in indpack (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 85f1ca1d5abdcf2139039fc5e8a08068a8c2cacca8a31fed38fbde74f7b8c04d These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious...
Malicious code in reqpack (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2b2e7d451cecf418103df6ecbe4625c5b08cc561e843e00f4ec37efde665c320 These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious...
MAL-2026-2116 Malicious code in reqpack (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2b2e7d451cecf418103df6ecbe4625c5b08cc561e843e00f4ec37efde665c320 These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious...
Malicious code in gcpipwrap (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 af8d2f3dec668a16adf691aa26e16be82e62c2cdf993da1f4ff4afaceac30e92 These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious...
Malicious code in nspack (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7741f090145e1e4bbd7998edba9c8151bd5dd3380adaa430e8f05cb2c814396f These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious...
In Soft Serve, an authenticated repo import can clone server-local private repositories
Summary An authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. This breaks the private-repository confidentiality boundary and should be treated as High severity...