12 matches found
CVE-2026-35379
A flaw was found in the tr utility of uutils coreutils. A logic error causes the program to incorrectly define the :graph: and :print: character classes, reversing their standard behavior. This vulnerability can lead to unintended data modification or loss when the utility is used in automated...
MAL-2025-137221 Malicious code in tania-nasi23-sluey (npm)
Source: amazon-inspector fa3777fe821d5173f5c8e8829636ae7f24dcc5167f5ed0845025ce1be0ea9892 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-133698 Malicious code in gilang-bubur75-sluey (npm)
Source: amazon-inspector c323aea040242ba6c90e88b7c5a9c5e27830b9c920f870672a5da70eff43f388 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Fraud Ring Launders Money Via Fake Charity Donations
A money-laundering fraud ring is targeting donation sites, taking advantage of the outpouring of charity sparked by the global pandemic. Dubbed Cart Crasher by the Sift security firm, the fraud ring leverages guest checkout options on donation sites to steal money and launder stolen payment cards...
Spotify Suffers Second Credential-Stuffing Cyberattack
Spotify streaming music aficionados are in the crosshairs of yet another credential-stuffing cyberattack, just three months after the last one. The service has forced password resets for impacted users. Cybercriminals carrying out credential-stuffing take advantage of people who reuse the same...
MS Live CAPTCHAS Busted by PushDo Botnet
The prolific Pushdo spam botnet has found a new way to penetrate Microsoft’s Live.com by exploiting weaknesses in the audio captchas designed to prevent automated scripts from accessing the popular email service. The Register...
WordPress Plugin SpamBam - Key Calculation Security Bypass
source: https://www.securityfocus.com/bid/27291/info SpamBam is prone to a security-bypass vulnerability because client-accessible data can be used to calculate verification keys. Attackers can exploit this issue to submit arbitrary form...
WordPress Plugin SpamBam - Key Calculation Security Bypass
source: https://www.securityfocus.com/bid/27291/info SpamBam is prone to a security-bypass vulnerability because client-accessible data can be used to calculate verification keys. Attackers can exploit this issue to submit arbitrary form data via automated scripts and distribute spam...
Design/Logic Flaw
membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security codes, which allows remote attackers to register multiple times via automated scripts...
CVE-2006-2733
membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security codes, which allows remote attackers to register multiple times via automated scripts...
GnuPG 1.x - Detached Signature Verification Bypass
source: https://www.securityfocus.com/bid/16663/info GnuPG is affected by a detached signature verification-bypass vulnerability because it fails to properly notify scripts that an invalid detached signature was presented and that the verification process has failed. Exploiting this issue allows...
SUSE-SA:2006:008: openssh
The remote host is missing the patch for the advisory SUSE-SA:2006:008 openssh. A problem in the handling of scp in openssh could be used to execute commands on remote hosts even using a scp-only configuration. This requires doing a remote-remote scp and a hostile server. CVE-2006-0225 On SUSE...