447 matches found
CVE-2025-0065
creationtimestamp| type| source ---|---|--- 2025-01-28 10:23:32+00:00| seen| https://infosec.exchange/users/cve/statuses/113905487848074528 2025-01-28 11:15:28+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgsdbqlg7r2n 2025-01-28 12:00:20+00:00| seen|...
CVE-2025-21564
Oracle Agile PLM Framework (Oracle Supply Chain) is affected in version 9.3.6, specifically the Agile Integration Services component. The CVE entry describes an easily exploitable vulnerability allowing a low-privileged attacker with network access via HTTP to obtain unauthorized access to critic...
CVE-2025-21508
CVE-2025-21508 affects Oracle JD Edwards EnterpriseOne Tools, specifically the Web Runtime SEC component. Affected versions are prior to 9.2.9.0. The vulnerability allows a low-privileged, unauthenticated attacker with network access over HTTP to cause a hang or frequent crashes (complete denial ...
Malicious code in chipped (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8b4d484b6a0b05dde597bbc9ba800eec0c201e3fc81387511d009ae01d5e07b3 The OpenSSF Package Analysis project identified 'chipped' @ 1.1.0 npm as malicious. It is considered malicious because: - The package communicat...
MAL-2024-12070 Malicious code in yb2bacceleratorstorefront-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7d6b9ec48a872ef195c69f3ecee359b142d1f9bb683a236c67a0c96876efafd0 The OpenSSF Package Analysis project identified 'yb2bacceleratorstorefront-web' @ 1.0.0 npm as malicious. It is considered malicious because: -...
CVE-2024-54101
creationtimestamp| type| source ---|---|--- 2024-12-12 11:44:13+00:00| seen| https://infosec.exchange/users/cve/statuses/113639676531469272...
Malicious code in @flutteruki-gaming/eslint-config-flutteruki-gaming (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1d4e889992a980c69235fc81b993e0417a4bf52dcb6e16a20b0c32e8cf3057fe The OpenSSF Package Analysis project identified '@flutteruki-gaming/eslint-config-flutteruki-gaming' @ 1.8.0 npm as malicious. It is considered...
CVE-2024-12015
creationtimestamp| type| source ---|---|--- 2024-12-02 13:31:36+00:00| seen| https://infosec.exchange/users/cve/statuses/113583475655174182...
ProjectSend R1605 Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration, disabling the whitelist of allowed file extensions, and uploadin...
Malicious code in unity-xlsx (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c00dae819c9f67995c5364676a4b71e58196df002687ac1e333816c86e0bd53d The OpenSSF Package Analysis project identified 'unity-xlsx' @ 0.1.0 npm as malicious. It is considered malicious because: - The package...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware
EN Is a Proof of Concept PoC script to check for vulnerabil...
Malicious code in ui-extensions-test-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 612535ed853f3bcea44a30e8568888db73a09aa577ffd88994bf21ea077c985a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
YubiKey Side-Channel Attack
There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. Its a complicated attack, requiring the victims username and password, and physical access to their YubiKey--as well as some technical expertise and equipment. Still, nice piece of security analysi...
Examining the Polyfill Attack from Akamai's Point of View
...
Drs-Malware-Scan - Perform File-Based Malware Scan On Your On-Prem Servers With AWS
Perform malware scan analysis of on-prem servers using AWS services Challenges with on-premises malware detection It can be difficult for security teams to continuously monitor all on-premises servers due to budget and resource constraints. Signature-based antivirus alone is insufficient as moder...
JAW - A Graph-based Security Analysis Framework For Client-side JavaScript
An open-source, prototype implementation of property graphs for JavaScript based on the esprima parser, and the EsTree SpiderMonkey Spec. JAW can be used for analyzing the client-side of web applications and JavaScript-based programs. This project is licensed under GNU AFFERO GENERAL PUBLIC LICEN...
Financial cyberthreats in 2023
Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets,...
MasterParser - Powerful DFIR Tool Designed For Analyzing And Parsing Linux Logs
What is MasterParser ? MasterParser stands as a robust Digital Forensics and Incident Response tool meticulously crafted for the analysis of Linux logs within the var/log directory. Specifically designed to expedite the investigative process for security incidents on Linux systems, MasterParser...
New Lattice Cryptanalytic Technique
A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems. A few things to note. One, this paper has not yet been peer...
Fortinet FortiPortal Authorization Issues Vulnerability
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. An authorization issue vulnerability exists in Fortinet FortiPortal that stems from the...