Monitoring is vulnerable to Archive Slip due to missing checks in sanitization
The sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to a path traversal bypass due to a missing trailing path separator in the strings.HasPrefix check. A crafted tar archive can write files outside the intended destination directory when using the extractor CLI...
GHSA-F7CQ-GVH6-QR25 Monitoring is vulnerable to Archive Slip due to missing checks in sanitization
The sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to a path traversal bypass due to a missing trailing path separator in the strings.HasPrefix check. A crafted tar archive can write files outside the intended destination directory when using the extractor CLI...
Build Serverless Functions with Zero Cold Starts: WebAssembly and Spin
...
GNSS SpAmming: A Spoofing-Based GNSS Denial-Of-Service Attack
GNSSs are vulnerable to attacks of two kinds: jamming, i.e. denying access to the signal, and spoofing, i.e. impersonating a legitimate satellite. These attacks have been extensively studied, and we have a myriad of countermeasures to mitigate them. In this paper we expose a new type of attack:...
Malicious Package
Overview: react-toast-cold is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-626 Malicious code in react-toast-cold (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10dcf80d6b6e15bcfb18c2f1a4211efd1c79f6f66e8aa34bbab7107a90d1da86 The package react-toast-cold was found to contain malicious code. Source: ghsa-malware dc67550f336ea3c52946bb6d0ab4f031eee7a60cc562b0fd4220750c72f086...
Malicious code in react-toast-cold (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10dcf80d6b6e15bcfb18c2f1a4211efd1c79f6f66e8aa34bbab7107a90d1da86 The package react-toast-cold was found to contain malicious code. Source: ghsa-malware dc67550f336ea3c52946bb6d0ab4f031eee7a60cc562b0fd4220750c72f086...
CVE-2022-42250
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/inquiries/viewdetails.php?id=...
CVE-2022-42243
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/managestorage.php?id=...
CVE-2022-42230
Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manageuser=...
coldsnap (>=0.4.0 <=0.5.1) potentially affected by unknown CVE via aws-sdk-ebs (>=0.16.0 <=0.24.0)
aws-sdk-ebs CARGO version =0.16.0, =0.4.0, =0.5.1 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
Discovering the Dimensions of a New Cold War
The United States’ plan for dealing with Putin’s Russia and Xi’s China remains ill-defined among a shifting global order. That must change...
EUVD-2025-202349
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could leverage this vulnerability to bypass security measures and execute...
CVE-2025-61823
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. A high privileged attacker could exploit this vulnerability to access sensitive files and data on th...
CVE-2025-61812
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation of this issue does not require user interaction...
CVE-2025-64898
Adobe ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could allow limited unauthorized write access without user interaction. The CVE-2025-64898 entry is corroborated by multiple sources and advisories in the conn...
CVE-2025-61809
Adobe ColdFusion remote vulnerability CVE-2025-61809 arises from Improper Input Validation affecting ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier. The issue could bypass security checks and allow unauthorized read and write access without user interaction, with exploitation described ...
EUVD-2025-177184
Malicious code in pi-authenticate-cold-encrypt-alert npm...
EUVD-2025-179745
Malicious code in chi-mu-socket-cold-small npm...
EUVD-2025-179850
Malicious code in cat-minify-cold-reject-monitor npm...