92 matches found
Malicious code in tango-app-api-trax (npm)
The package tarball includes a Google Cloud service-account JSON file fir-51e77-firebase-adminsdk-x3sdp-fd902b74ae.json containing a live RSA private...
CVE-2026-33814 vulnerabilities
Vulnerabilities for packages: azure-ipam, grafana-pyroscope, migrate, snyk-cli, kaf, secrets-store-csi-driver-provider-azure, prometheus-blackbox-exporter, terraform-provider-google, q, k3s, whereabouts, azurefile-csi, incert, spark-operator, hey, mongodb-kubernetes-operator, envconsul,...
GHSA-XH87-MX6M-69F3 Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo
Summary When using the AWS Lambda adapter hono/aws-lambda behind an Application Load Balancer ALB, the getConnInfo function incorrectly selected the first value from the X-Forwarded-For header. Because AWS ALB appends the real client IP address to the end of the X-Forwarded-For header, the first...
com.amazonaws.serverless:aws-serverless-java-container-struts (>=1.9 <=1.9.4), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (>=4.0.2 <=5.0.6) +77 more potentially affected by CVE-2025-64775 via org.apache.struts:struts2-core (>=6.0.0 <=6.7.4)
org.apache.struts:struts2-core MAVEN version =6.0.0, =1.9, =4.0.2, =4.0.2, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.4.0, =1.4.1, =1.4.0, =1.4.3 and more Source cves: CVE-2025-64775 Source advisory: SNYK:JAVA-ORG...
EUVD-2020-0297
Malware in sbrugna...
EUVD-2018-0171
Malware in sbrugna...
EUVD-2024-0944
Malicious code in bioql PyPI...
EUVD-2024-0566
Malicious code in bioql PyPI...
EUVD-2024-0757
Malicious code in bioql PyPI...
EUVD-2024-0590
Malicious code in bioql PyPI...
Malicious code in aws-lambda-authenticator (npm)
The package aws-lambda-authenticator was found to contain malicious code...
MAL-2025-15227 Malicious code in aws-lambda-authenticator (npm)
The package aws-lambda-authenticator was found to contain malicious code...
CVE-2024-24753
Bref enables serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multi-value headers. If PHP generates a response with two headers having the same key but different values, only the latest one is kept. If an application relie...
CVE-2024-24754
Bref enables serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, the Lambda event is converted to a PSR-7 object. During the conversion process, if the request is multipart, each part is parsed and its content...
CVE-2024-24752
Bref enables serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, the Lambda event is converted to a PSR-7 object. During the conversion process, if the request is multipart, each part is parsed and for each whic...
CVE-2019-10777
In aws-lambda versions prior to version 1.0.5, the "config.FunctionName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands into the "zipCmd" used within "config.FunctionName"...
AWS VDP: A potential risk in the aws-lambda-ecs-run-task application which can be used for privilege escalation.
The aws-lambda-ecs-run-task application created a function with a role that had excessive permissions, including the AdministratorAccess policy. This allowed for potential privilege escalation by an attacker...
OPENSUSE-SU-2024:0384-1 Security update for zabbix
This update for zabbix fixes the following issues: Zabbix was updated to 6.0.33: - this version fixes CVE-2024-36461 and CVE-2024-22114 - New Features and Improvements + ZBXNEXT-9000 Changed query table for ASM disk group metrics in Oracle Database plugin and Oracle by ODBC template Agent Templat...
The Future of Serverless Security in 2025: From Logs to Runtime Protection
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around...
Attackers Exploit Public .env Files to Breach Cloud Accounts in Extortion Campaign
A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files .env that contain credentials associated with cloud and social media applications. "Multiple security missteps were present in the course of this campaign,...