210 matches found

OSV
added 2025/03/03 1:29 p.m. · 2 views

MAL-2025-1864 Malicious code in instacart-test (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits 0
Wiz blog
added 2025/02/20 4:38 p.m. · 7 views

2025 State of Code Security: Key Trends and Risks

Explore the key insights on code and cloud security risks shaping 2025...

7.6 AI score
Exploits 0
OSV
added 2025/02/03 9:1 a.m. · 1 views

MAL-2025-1138 Malicious code in kiosk-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c0cf98cf99dad32c045dfb31f81bc76a17bf67597b85b27273856761d7b3d31e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
Mageia
added 2025/01/24 7:46 p.m. · 33 views

Updated phpmyadmin packages fix security vulnerabilities

fix possible security issue with library code slim/psr7 (CVE-2023-30536); fix possible security issue relating to iconv (CVE-2024-2961, PMASA-2025-3); fix an XSS vulnerability in the check tables feature (PMASA-2025-1); fix an XSS vulnerability in the Insert tab (PMASA-2025-2)...

7.3 CVSS · 7 AI score · 0.91924 EPSS
Exploits 16 · References 2
GithubExploit
added 2025/01/13 12:53 p.m. · 180 views

Vulnerabilities-Proofs-of-Concept

Vulnerabilities Proofs-of-Concept This repository hosts proof...

7.8 AI score
Exploits 0
SUSE Linux
added 2024/11/28 12:24 p.m. · 1 views

Security update for postgresql14

This update for postgresql14 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

8.8 CVSS · 7.4 AI score · 0.06356 EPSS
Exploits 1 · References 16
Kaspersky
added 2024/11/12 12:0 a.m. · 16 views

KLA77062 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Inappropriate implementation vulnerability in Blink can be...

8.8 CVSS · 8.4 AI score · 0.00677 EPSS
Exploits 2 · References 3
Cvelist
added 2024/10/24 8:11 p.m. · 13 views

CVE-2024-47878 Reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

8.1 CVSS · 0.00215 EPSS
Exploits 1 · References 2
OSV
added 2024/09/04 9:25 p.m. · 3 views

MAL-2024-11672 Malicious code in pydllcfg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 94960ddaf12ee1269aaab9abf1893d320ae2ff50fbd17ff4773edab18e7e3a11 Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

7 AI score
Exploits 0 · References 5
Wiz blog
added 2024/07/18 2:47 p.m. · 9 views

Your control tower to secure code across GitHub, GitLab, and Azure Repos

Secure your code and the entire development pipeline with the Wiz Security Graph, comprehensive configuration checks, and advanced code scanning...

7.4 AI score
Exploits 0
CVE
added 2024/06/20 12:29 p.m. · 45 views

CVE-2023-49110

CVE-2023-49110 describes an XML External Entity (XXE) injection in Kiuwan SAST when the Kiuwan Local Analyzer uploads scan results. The issue arises during server-side processing of XML files in a ZIP payload, where external XML entities are resolved. A privileged attacker who can scan source cod...

7.2 CVSS · 7.5 AI score · 0.00111 EPSS
Exploits 1 · References 3
Cvelist
added 2024/06/20 12:29 p.m. · 16 views

CVE-2023-49110 XML External Entity Injection in Kiuwan SAST

When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application either on-premises or cloud/SaaS solution, the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side processing of these XML...

0.00111 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/06/20 12:0 a.m. · 1 views

PT-2024-13676 · Unknown · Kiuwan Local Analyzer +1

Name of the Vulnerable Software and Affected Versions: Kiuwan SAST version master.1808.p685.q13371 Description: The issue arises when the Kiuwan Local Analyzer uploads scan results to the Kiuwan SAST web application, which processes XML files containing external entities. This leads to an XML...

7.2 CVSS · 7.3 AI score · 0.00111 EPSS
Exploits 1 · References 4
OSV
added 2024/06/06 12:26 p.m. · 10 views

CGA-VCW6-GJMF-VCFG

Bulletin has no description...

7.5 CVSS · 8.3 AI score · 0.75268 EPSS
Exploits 1
Vulnrichment
added 2024/03/14 12:0 a.m. · 10 views

CVE-2024-28424

zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpicklematerializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...

8.1 AI score · 0.00106 EPSS
Exploits 0 · References 1
HackRead
added 2024/03/11 12:19 p.m. · 18 views

Russian Midnight Blizzard Hackers Breached Microsoft Source Code

By Deeba Ahmed Midnight Blizzard aka Cozy Bear and APT29 originally breached Microsoft on January 12, 2024. This is a post from HackRead.com Read the original post: Russian Midnight Blizzard Hackers Breached Microsoft Source Code...

7.3 AI score
Exploits 0
NVD
added 2024/02/01 7:15 p.m. · 14 views

CVE-2024-24569

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. `ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version <=1.1.1, use ZipSecurity as a guard against...

5.4 CVSS · 5.5 AI score · 0.00233 EPSS
Exploits 1 · References 3
Vulnrichment
added 2024/02/01 7:2 p.m. · 4 views

CVE-2024-24569 `ZipSecurity#isBelowCurrentDirectory` is vulnerable to partial-path traversal vulnerability

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. `ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version <=1.1.1, use ZipSecurity as a guard against...

5.4 CVSS · 7.2 AI score · 0.00233 EPSS
Exploits 1 · References 3
CNNVD
added 2024/02/01 12:0 a.m. · 1 views

Java Code Security Toolkit Path Traversal Vulnerability

The Java Code Security Toolkit is a set of security APIs designed to help secure Java code. A path traversal vulnerability exists in Java Code Security Toolkit 1.1.1 and prior versions, which stems from `ZipSecurity#isBelowCurrentDirectory` being susceptible to a partial path traversal vulnerability...

5.4 CVSS · 6.6 AI score · 0.00233 EPSS
Exploits 1 · References 4
Schneier on Security
added 2024/01/17 12:14 p.m. · 11 views

Code Written with AI Assistants Is Less Secure

Interesting research: "Do Users Write More Insecure Code with AI Assistants?": Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that...

7.8 AI score
Exploits 0