
55 matches found

HackRead
added 2026/04/30 7:1 p.m., 3 views

Misconfigured Server Run by Hackers Leaks 345,000 Stolen Credit Cards

A misconfigured server linked to the carding marketplace Jerry’s Store exposed 345,000 stolen credit cards after an AI coding error caused a major security flaw...

AI score 5.3
Exploits 0

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-4558

Malware in sbrugna...

CVSS 8.8, AI score 7.8, EPSS 0.00355
Exploits 1, References 10

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-1555

Malware in sbrugna...

CVSS 5.3, AI score 5.5, EPSS 0.00294
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2019-14906

Malware in sbrugna...

CVSS 4.3, AI score 4.2, EPSS 0.00089
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 19 views

EUVD-2023-36560

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.2, EPSS 0.00627
Exploits 0, References 2

RedhatCVE
added 2025/05/22 8:32 a.m., 5 views

CVE-2019-5301

Huawei smart phones Honor V20 with the versions before 9.0.1.161C00E161R2P2 have an information leak vulnerability. An attacker may trick a user into installing a malicious application. Due to coding error during layer information processing, attackers can exploit this vulnerability to obtain som...

CVSS 4.3, AI score 6.4, EPSS 0.00089
Exploits 0, References 1

OSV
added 2025/05/13 12:0 a.m., 2 views

ALSA-2025:7118 Important: osbuild and osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

CVSS 7.5, AI score 8.2, EPSS 0.01379
Exploits 0, References 8

OSV
added 2024/04/29 6:15 a.m., 2 views

CVE-2023-52723

In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value...

AI score 7.3
Exploits 0, References 5

Github Security Blog
added 2024/03/18 8:28 p.m., 24 views

Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment

Summary: An attacker can exploit a critical flaw in the application to initiate a Denial of Service (DoS) attack, rendering the application inoperable and affecting all users. The issue arises from unsafe manipulation of an array in a multi-threaded environment. Details: The vulnerability is rooted i...

CVSS 7.5, AI score 7.9, EPSS 0.02176
Exploits 1, References 7, Affected Software 2

Code423n4
added 2024/01/26 12:0 a.m., 16 views

nextEpoch is incorrect

Lines of code. Vulnerability details. Impact: Rewards and voting weights are aligned on a weekly basis. However, nextEpoch is calculated incorrectly, which may break the invariant "The total rewards that are sent for one block should never be higher than the rewards that were configured for this...

AI score 6.9
Exploits 0

Code423n4
added 2023/11/17 12:0 a.m., 6 views

Incorrect fee splitting logic

Lines of code. Vulnerability details. Impact: The fee splitting logic does not properly attribute holder and creator rewards. By splitting fees from the total rather than incrementally, it distorts the proportional rewards earned over time. This could undermine the incentive structures and alignment...

AI score 7
Exploits 0

Prion
added 2023/05/15 9:15 p.m., 7 views

Sql injection

anuko timetracker is an open source time tracking system. Boolean-based blind SQL injection vulnerability existed in Time Tracker invoices.php in versions prior to 1.22.11.5781. This was happening because of a coding error after validating parameters in POST requests. There was no check for error...

CVSS 7.5, AI score 9.6, EPSS 0.00627
Exploits 0, References 2, Affected Software 1

Cvelist
added 2023/05/15 8:47 p.m., 16 views

CVE-2023-32308 SQL Injection Vulnerability in anuko timetracker

anuko timetracker is an open source time tracking system. Boolean-based blind SQL injection vulnerability existed in Time Tracker invoices.php in versions prior to 1.22.11.5781. This was happening because of a coding error after validating parameters in POST requests. There was no check for error...

CVSS 8.2, AI score 10, EPSS 0.00627
Exploits 0, References 2

OpenVAS
added 2023/03/08 12:0 a.m., 12 views

Debian: Security Advisory (DLA-1178-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.1, AI score 8.2, EPSS 0.00694
Exploits 0, References 3

OpenVAS
added 2023/03/08 12:0 a.m., 13 views

Debian: Security Advisory (DLA-1179-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.1, AI score 8.2, EPSS 0.00315
Exploits 0, References 3

Code423n4
added 2022/10/10 12:0 a.m., 7 views

Missing check for address(0)

Lines of code. Vulnerability details. Impact: Anyone can use address(0) as a matchingPolicy contract. Proof of Concept: The Owner can invoke addPolicy with policy == address(0) by mistake to the whitelistedPolicies and the malicious users could do bad things with matchingPolicy == address(0). Recommended...

AI score 6.8
Exploits 0

OSV
added 2022/02/08 5:23 p.m., 231 views

GHSA-G6W6-R76C-28J7 Incorrect Authorization in NATS nats-server

This advisory is canonically Problem Description NATS nats-server through 2022-02-04 has Incorrect Access Control, with unchecked ability for clients to authorize into any account, because of a coding error in a long-extant experimental feature. A client crafting the initial protocol-level...

CVSS 8.8, AI score 8.7, EPSS 0.00654
Exploits 0, References 5

Github Security Blog
added 2022/02/08 5:23 p.m., 21 views

Incorrect Authorization in NATS nats-server

This advisory is canonically Problem Description NATS nats-server through 2022-02-04 has Incorrect Access Control, with unchecked ability for clients to authorize into any account, because of a coding error in a long-extant experimental feature. A client crafting the initial protocol-level...

CVSS 9, AI score 1.1, EPSS 0.00654
Exploits 0, References 5, Affected Software 2

Prion
added 2019/08/08 5:15 p.m., 17 views

Information disclosure

Huawei smart phones Honor V20 with the versions before 9.0.1.161C00E161R2P2 have an information leak vulnerability. An attacker may trick a user into installing a malicious application. Due to coding error during layer information processing, attackers can exploit this vulnerability to obtain som...

CVSS 4.3, AI score 3.7, EPSS 0.00089
Exploits 0, References 1, Affected Software 1

Huawei
added 2019/08/07 12:0 a.m., 51 views

Security Advisory - Information Leak Vulnerability on Some Huawei Smart Phones

There is an information leak vulnerability on some Huawei smart phones. An attacker may trick a user into installing a malicious application. Due to coding error during layer information processing, attackers can exploit this vulnerability to obtain some layer information. Vulnerability ID:...

CVSS 4.3, AI score 3.6, EPSS 0.00089
Exploits 0, Affected Software 1