MAL-2024-12258 Malicious code in discself (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 271e2fef9fd10cd1a179df1be1e1f92c837d1ecf3d074451a9b1b6205babe511 The package claims to provide code for building bots; however, the code just exfiltrates the token supplied by the user to a hardcoded Discord webhook. Looking at other activi...
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 2, 2024 to September 8, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with ≥1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researchers...
CVE-2024-45393
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains...
CVE-2024-45393
Summary: CVAT prior to 2.18.0 is affected by a vulnerability where an account holder can access webhook delivery information for any webhook (including others’) and can redeliver past deliveries or trigger a ping event. The underlying issue is missing authorization for webhook delivery endpoints....
CVE-2024-45393 Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains...
PT-2024-31597 · Unknown · Computer Vision Annotation Tool
Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions prior to 2.18.0 Description: The Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook...
CVE-2024-45041 External Secrets Operator vulnerable to privilege escalation
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. external-secrets has a deployment called default-external-secrets-cert-controller, which is bound to a ClusterRole of the same name. This ClusterRole has "get/list" verbs on secrets resources. It...
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 26, 2024 to September 1, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with ≥1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researchers c...
WordPress XSSplorer Challenge: An Expanded Scope for All Researchers in the Wordfence Bug Bounty Program
From now through October 7th, 2024, we are expanding the scope of our Bug Bounty Program to include all Cross-Site Scripting XSS vulnerabilities—both Reflected and Stored—in any WordPress plugin or theme with at least 1,000 active installations for all researchers. This temporary scope expansion...
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 19, 2024 to August 25, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and ...
Malicious code in bananaholder (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 75eb68c36b36e5abf8c54609a124590a23d388ef04d2825da3bd83f8e90c7f46 A dependency is declared as installable from a webhook service, demonstrating the possibility of injecting a malicious dependency. --- Category: PROBABLYPENTEST -...
MAL-2024-12213 Malicious code in bananaholder (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 75eb68c36b36e5abf8c54609a124590a23d388ef04d2825da3bd83f8e90c7f46 A dependency is declared as installable from a webhook service, demonstrating the possibility of injecting a malicious dependency. --- Category: PROBABLYPENTEST -...
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 12, 2024 to August 18, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and ...
GO-2022-0583 Server-Side Request Forgery in gogs webhook in gogs.io/gogs
Server-Side Request Forgery in gogs webhook in gogs.io/gogs...
GO-2023-2014 Woodpecker does not validate webhook before changing any data in github.com/woodpecker-ci/woodpecker
Woodpecker does not validate webhook before changing any data in github.com/woodpecker-ci/woodpecker...
Malicious code in assistant-threader (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6dba125172b57e6b24bcd2cc0df076483e1fe36d1969f37e533d611fb6f9d808 Infostealer exfiltrating cookies, history and passwords from the Google Chrome browser, as well as attempting to take a webcam photo. Data are sent to a Discord...
Malicious code in assisting-threading (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 33605e5f943eacd5d5ab7a4c37625226e2ef072f2fd3dac068b169d58ba1c2c9 Infostealer exfiltrating cookies, history and passwords from the Google Chrome browser, as well as attempting to take a webcam photo. Data are sent to a Discord...