22 matches found
EUVD-2026-39178
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to conceal content within a Snippet due to improper input validation...
PT-2026-52201
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 14.8 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description An issue exists where improper input validation could allow an authenticated user to conceal content...
Malicious code in prisma-client-python (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ba0c0f6a1d1bdb5bffb45ca56fb99b8084fba921cc7689b6e8913c0436fe392 The package's CLI flow ppy generate reads dist/index.enc, a 346 KB AES-encrypted blob, decrypts it using a key extracted from dist/key.enc substring...
CVE-2026-9053
Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...
Directus 安全漏洞
Directus is an open-source real-time API and application dashboard developed by Directus. It is used to manage SQL database content. Versions of Directus prior to 11.17.0 contained a security vulnerability. This vulnerability stemmed from the use of aggregate functions on conceal-type fields, whi...
CVE-1999-0098
Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities...
CVE-1999-0448
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request...
EUVD-1999-0552
Malware in sbrugna...
Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions
Trend Micro's Threat Hunting Team has observed EDRSilencer, a red team tool that threat actors are attempting to abuse for its ability to block EDR traffic and conceal malicious activity...
PT-2024-30655 · Gitoxide · Gitoxide
Name of the Vulnerable Software and Affected Versions: gitoxide affected versions not specified Description: The gix and ein commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometim...
Decoding Water Sigbin's Latest Obfuscation Tricks
Water Sigbin aka the 8220 Gang exploited the Oracle WebLogic vulnerabilities CVE-2017-3506 and CVE-2023-21839 to deploy a cryptocurrency miner using a PowerShell script. The threat actor also adopted new techniques to conceal its activities, making attacks harder to defend against...
Design/Logic Flaw
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 2.6.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker can craft a verified profile link using specific formatting to conceal arbitrary parts of the link, enabling it to appear to link to a...
The vulnerability of the Protect technology of the Yandex Browser allows a violator to conceal notifications of suspicious content.
The vulnerability of the Protect technology of the Yandex Browser is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to conceal notifications of suspicious content...
CVE-2020-9916
A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the...
The vulnerability of the scp file copy-to-remote utility’s implementation, related to access control deficiencies, allows a perpetrator to conceal the name of the transferred file.
The vulnerability of the scp file copy utility implementation is related to lack of access control mechanisms. Exploiting this vulnerability allows a malicious actor to conceal the name of the transferred file while operating remotely...
The vulnerability of the scp file copy-to-remote utility’s implementation, related to access control deficiencies, allows a perpetrator to conceal the name of the transferred file.
The vulnerability of the scp file copy utility implementation is related to lack of access control mechanisms. Exploiting this vulnerability allows a malicious actor to conceal the name of the transferred file while operating remotely...
Universal Plug and Play (UPnP): What you need to know
Universal Plug and Play UPnP is a widely used protocol with a decade-long history of flawed implementations across a wide range of consumer devices. In this paper, we will cover how these aws are still present on devices, how these vulnerabilities are actively being abused, and how a...
Uber Paid Hackers $100k to Hide Massive Theft of 75M Accounts
By Waqas It’s surprising to some and shocking to many. Despite a This is a post from HackRead.com Read the original post: Uber Paid Hackers $100k to Hide Massive Theft of 75M Accounts...
DroidStealth — Android Encryption Tool with Stealth Capabilities
We all have Internet-connected smartphones in our pockets, but it’s very hard to find a place on Internet to feel secure and private. No doubt, there is data Encryption on cell phones, but what’s the use if it is cracked by hackers or law enforcement? What if the encrypted files don’t exist in th...
Facebook releases 'Conceal' API for Android developers to Encrypt data on Disk
Many Smartphone applications support, installation or app data storage to an external SD Card, that can be helpful in saving space on the internal memory, but also vulnerable to hackers. Typically, an app that has permission to read and write data from an SD card has the permission to read all da...