43 matches found
EUVD-2015-5184
Malware in sbrugna...
EUVD-2024-48392
Malicious code in bioql PyPI...
Overcoming Risks from Chinese GenAI Tool Usage
A recent analysis of enterprise data suggests that generative AI tools developed in China are being used extensively by employees in the US and UK, often without oversight or approval from security teams. The study, conducted by Harmonic Security, also identifies hundreds of instances in which...
GHSA-F7GQ-H8JV-H3CQ ash_authentication_phoenix has Insufficient Session Expiration
Impact Session tokens remain valid on the server after user logout, creating a security gap where: - Compromised tokens via XSS, network interception, or device theft continue to work even after the user logs out - The sessions stored in the database still expire, limiting the duration during whi...
Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues
Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed over the past year." The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. T...
CVE-2024-7472
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...
SUSE SLES12 Security Update : kernel (Live Patch 56 for SLE 12 SP5) (SUSE-SU-2025:0892-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0892-1 advisory. This update for the Linux Kernel 4.12.14-122216 fixes several issues. The following security issues were fixed: - CVE-2024-46818:...
SUSE SLES12 Security Update : kernel (Live Patch 59 for SLE 12 SP5) (SUSE-SU-2025:0927-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0927-1 advisory. This update for the Linux Kernel 4.12.14-122225 fixes several issues. The following security issues were fixed: - CVE-2024-46818:...
SUSE-SU-2025:0942-1 Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059150 fixes several issues. The following security issues were fixed: - CVE-2024-46818: drm/amd/display: Check gpioid before used as array index bsc1231204. - CVE-2021-47261: Fix initializing CQ fragments buffer bsc1224954 - CVE-2024-50302: HID: core:...
SUSE-SU-2025:0908-1 Security update for the Linux Kernel (Live Patch 54 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122201 fixes several issues. The following security issues were fixed: - CVE-2024-46818: drm/amd/display: Check gpioid before used as array index bsc1231204. - CVE-2024-50302: HID: core: zero-initialize the report buffer bsc1233679. - CVE-2022-48792: scsi:...
GHSA-PH5M-227M-FC5G vulnerabilities
Vulnerabilities for packages: chromium...
PT-2025-2363 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: A CVE record was rejected for compliance due to inactivity. The reason for rejection is that the CVE record hasn't been used, which is to comply...
CVE-2024-7472 Email Injection Vulnerability in lunary-ai/lunary
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...
Amazon Linux 2 : ca-certificates (ALAS-2024-2607)
The version of ca-certificates installed on the remote host is prior to 2023.2.68-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2607 advisory. Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while...
Low: ca-certificates
Issue Overview: Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from GLOBALTRUST. Certifi 2024.07.04 removes ro...
Amazon Linux 2023 : ca-certificates (ALAS2023-2024-682)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-682 advisory. Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07...
Rapid7 Introduces Exposure Command to Eliminate the Security Visibility Gap
Exposure Command provides 360-degree visibility and enables security teams to pinpoint and extinguish your most critical risks. Security and IT teams are experiencing a significant shift in operations as they become more distributed. Development and procurement processes have decentralized, and...
CVE-2024-39689
A flaw was found in Certifi, a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certain versions of Certifi recognized root certificates from 'GLOBALTRUST'. However, pursuant to an investigation that identifi...