CVE-2026-42313

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The allowlist contains...

EUVD-2023-41860

Malicious code in bioql PyPI...

CVE-2025-5661

A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. It is...

CVE-2025-5661 code-projects Traffic Offense Reporting System Setting save-settings.php cross site scripting

A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. It is...

Threat Report: High Tech Industry targeted the most with 46% of attack traffic tagged by NLX

How To Use This Report Enhance situational awareness of techniques used by threat actors Identify potential attacks targeting your industry Gain insights to help improve and accelerate your organization's threat response Summary of Findings The Network Effect Threat Report offers insights based o...

K32055534: Brute Force Attack Prevention feature may erroneously stop prevention before an attack is over

Security Advisory Description The Brute Force Attack Prevention feature may stop prevention before the attack is over. This issue occurs when all of the following conditions are met: You configured the BIG-IP ASM system with many virtual servers hundreds that have web application protection with...

Emulating KmsdBot’s Command and Control and Examining Its Attack Traffic

Read about the global impact of KmsdBot, a botnet that hit our honeypot earlier this year, and why the evidence is pointing toward it being a DDoS for hire...

5 Things We’ve Learned About CVE-2021-44228

Over the last week, Imperva Threat Research observed interesting data points related to CVE-2021-44228. Despite new variants being discovered and patched by our team, we wanted to share five interesting things that we’ve learned from analyzing a subset of our overall global network traffic. Attac...

CVE-2021-40171

The CVE-2021-40171 entry concerns the SecuritasHome Startpaket (HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117). Reported vulnerability: absence of notifications for ongoing RF jamming attacks, which can allow an attacker to block legitimate traffic without alerting the system owner. Public sour...

Exporting Nginx Access Logs to an ELK Cluster

The Wallarm WAF provides an organization with the ability to protect their applications and APIs against a wide range of attacks. However, an organization may wish to achieve a greater degree of visibility into attack traffic and alerts than is possible via the Wallarm user interface. The Wallarm...

From the Core to the Edge: 3 Security Imperatives and the Evolving Digital Topology

The breathtaking pace at which everyone and everything is becoming connected is having a profound effect on digital business, from delivering exceptional experiences, to ensuring the security of your customers, applications, and workforce. Consider this: There are over 20 billion connected device...

Introducing Web Security Analytics

Every security team knows that the success of any security product relies heavily on the ability to maintain an optimal security configuration. Any misconfiguration can result in malicious or undesired traffic reaching the application, or worse - legitimate traffic being blocked. In addition, it...

Google Provides Detailed Analysis of GitHub Attack Traffic

The high-profile DDoS attack against GitHub that went on for several days last month was the end result of an operation that included several phases and extensive testing and optimization by the attackers. Researchers at Google analyzed the attack traffic over several weeks and found that the...

Clever use Tcpreplay to let the attack traffic sneak-vulnerability warning-the black bar safety net

TcpreplayisNetwork Securityin a commonly used tool, for its message playback feature we are very clear, but for it to replay rewrite the packets of the contents of the function application but not very much, if can skilled application of Tcpreplay packet rewriting function it is possible to make...