@atlassian/aui (>=9.3.22 <=10.0.0-M02), @charcoal-ui/icons (>=3.16.0 <=3.21.0) +108 more potentially affected by CVE-2025-15599 via dompurify (>=2.5.4 <=2.5.8)

dompurify NPM version =2.5.4, =9.3.22, =3.16.0, =3.0.0, =3.0.0, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240719153432, =0.0.0-fec-156-react19-20250116105607, =0.0.0-fec-156-react19-20250116105607,...

Binary_Exploitation_Material

Binary Exploitation Material Personal collection of binary ex...

[SECURITY] Fedora 43 Update: mupdf-1.27.1-4.fc43

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking

Impact Instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can secret access tokens across requests. This can allow users to access restricted querysets and restricted data. Patches The problem has been patched in version 8.4.1 and all following...

MAL-2024-1119 Malicious code in flow-code-examples (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9258acb8507f9f496025b3b1cd2293980746d866319fd79ef9277564a474495a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in flow-code-examples (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9258acb8507f9f496025b3b1cd2293980746d866319fd79ef9277564a474495a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Exploring the Vulnerabilities of Seaport: A Technical Analysis of a Fake Signature Attack on Non-Fungible Tokens

Lines of code Vulnerability details Impact This finding aims to provide a comprehensive analysis of the sc4m trend, which emerged in August 2022, and has since been a prevalent issue in the WEB3 space. Despite efforts to combat this phenomenon, bad actors continue to engage in illicit activities,...

Mirai Botnet Abusing Log4j Vulnerability

Threat Researcher Larry Cashdollar has discovered evidence of the Mirai botnet abusing Log4j vulnerability and shares code examples...

GHSA-58MJ-PW57-4VM2 Cross-site scripting in PHPMailer

PHPMailer versions prior to 5.2.24 released July 26th 2017 have an XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it i...

Sire 2.0 Nws Remote File inclusion &amp; Arbitary Files Upload

by Moroccan Security Team Geetz To All Freind +File Inclusion: Input passed to the "rub" parameter in "lire.php" isn't properly verified, before it is used to include remote files Successful exploitation requires that "registerglobals" is enabled. lire.php code ? 73...

Microsoft Windows - &#039;RPC DCOM2&#039; Remote (MS03-039)

/ RPCDCOM2.c ver1.1 copy by FLASHSKY flashsky at xfocus.org 2003.9.14 / include include include include include include unsigned char bindstr= 0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,...