Malicious code in aclient-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 aa9e5d91a1f45bce354edc5b12fcacf603db5e00dc4a48628d3fe5fff37d0eb2 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

Malicious code in alicloud-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6366aa8c2eff918da0f1cc2118a026e749592f71bebbe81215877575b9593c6a This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

MAL-2025-191903 Malicious code in time-server-analyzer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 95abdeda4b05cb93bb442d77d1b339498503b1fddb72e3579359f39c5952513b This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

MAL-2025-191673 Malicious code in acloud-clients (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 89813876cca364b0dffda624005d527aa3c9f54ea7ce20af8186faf8f374ba6f This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

MAL-2025-191676 Malicious code in alicloud-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6366aa8c2eff918da0f1cc2118a026e749592f71bebbe81215877575b9593c6a This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

MAL-2025-191721 Malicious code in enumer-iam (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8062489d0fe9ae58c1937e4afba7f0f3adfbd507e07dd81bb9450bf7f58c6943 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

CVE-2025-21686

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2024-10913

The Clone plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.6 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain i...

CLSA-2025-1737155612 git: Fix of CVE-2024-32004

CVE-2024-32004: fetch/clone: detect dubious ownership of local repositories...

CVE-2025-23040 Maliciously crafted remote URLs could lead to credential leak in GitHub Desktop

GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL. GitHub Desktop...

PT-2025-6059 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises when IORING REGISTER CLONE BUFFERS is used to clone buffers from one uring instance to another, where the two instances use different memory managers MMs for accountin...

CVE-2024-13271

Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing.This issue affects Content Entity Clone: from 0.0.0 before 1.0.4...

CVE-2024-13271

The vulnerability CVE-2024-13271 affects Drupal’s Content Entity Clone module. The issue is incorrect authorization that allows forceful browsing and potential disclosure of protected information. Affected versions are 0.0.0 through 1.0.4 of the Content Entity Clone module. Remediation per the co...

CVE-2024-13271 Content Entity Clone - Moderately critical - Information Disclosure - SA-CONTRIB-2024-035

Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing.This issue affects Content Entity Clone: from 0.0.0 before 1.0.4...

CVE-2024-13271 Content Entity Clone - Moderately critical - Information Disclosure - SA-CONTRIB-2024-035

Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing.This issue affects Content Entity Clone: from 0.0.0 before 1.0.4...

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Content Entity Clone prior to version 1.0.4, which stems from the inclusion of an authorization error vulnerability...

AZL-54744 CVE-2024-56643 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: dccp: Fix memory leak in dccpfeatchangerecv If dccpfeatpushconfirm fails after new value for SP feature was accepted without reconciliation 'entry == NULL' branch, memory allocated for that value with dccpfeatclonespval is never...

CVE-2024-12335

The Avada Fusion Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handleclonepost function and the 'fusionblog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for...

WordPress plugin Avada Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2024-17549 · WordPress · Avada (Fusion) Builder

Name of the Vulnerable Software and Affected Versions: Avada Fusion Builder plugin for WordPress versions up to, and including, 3.11.12 Description: The issue allows authenticated attackers with contributor-level access and above to extract data from password protected, private, or draft posts th...