1041640 matches found
Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker
U.S. prosecutors linked an alleged Scattered Spider hacker to a break-in at a luxury jewelry retailer using a persistent Windows device ID, according to a newly unsealed federal complaint. Microsoft records tied that ID first to the account the attackers used to keep access during the May 2025...
Plaintext storage of tokens in pulp_ansible
The collection remote for pulpansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API instead of marking it as write only...
Scammers are using AI to sell impossible flowers
We've had problems with deepfake celebrity scams, non-consensual deepfake sexual material, and deepfake politicians. Now we have to deal with… deepfake plants? Yup, AI seed slop is now a thing. 404 Media documented scammers marketing seeds for plants that supposedly bloom in the shape of birds,...
CVE-2026-42200
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script generateinitscripts method in app/Actions/Database/StartPostgresql.php filename handling did not sufficiently restrict paths, allowing an...
CVE-2026-42145
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the file upload endpoint app/Http/Controllers/UploadController.php for database backup restore uploads did not enforce file type or size validation, allowing an authenticat...
CVE-2026-34170
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp apiurl field is used as the base URL for server-side HTTP requests without allowlisting or private IP blocking, allowing an authenticated user to configure a...
CVE-2026-34057
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component app/Livewire/Project/Database/Import.php allows client-controlled container and server properties to reach shell commands without...
ROOT-APP-NPM-CVE-2026-48815 CVE-2026-48815 in @rootio/sigstore - Patched by Root
Root has patched CVE-2026-48815 in the @rootio/sigstore package for Root:npm. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-41182 CVE-2026-41182 in rootio-langsmith - Patched by Root
Root has patched CVE-2026-41182 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-GHSA-F4XH-W4CJ-QXQ8 GHSA-f4xh-w4cj-qxq8 in rootio-langsmith - Patched by Root
Root has patched GHSA-f4xh-w4cj-qxq8 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-45134 CVE-2026-45134 in rootio-langsmith - Patched by Root
Root has patched CVE-2026-45134 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-GHSA-RR7J-V2Q5-CHGV GHSA-rr7j-v2q5-chgv in rootio-langsmith - Patched by Root
Root has patched GHSA-rr7j-v2q5-chgv in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-25528 CVE-2026-25528 in rootio-langsmith - Patched by Root
Root has patched CVE-2026-25528 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-54512 CVE-2026-54512 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root
Root has patched CVE-2026-54512 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-54513 CVE-2026-54513 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root
Root has patched CVE-2026-54513 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-48809 CVE-2026-48809 in rootio-python-engineio - Patched by Root
Root has patched CVE-2026-48809 in the rootio-python-engineio package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-48802 CVE-2026-48802 in rootio-python-engineio - Patched by Root
Root has patched CVE-2026-48802 in the rootio-python-engineio package for Root:PyPI. Multiple fixed versions available...
CVE-2026-34170 Coolify: Server-Side Request Forgery via attacker-controlled GitHub App API URL
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp apiurl field is used as the base URL for server-side HTTP requests without allowlisting or private IP blocking, allowing an authenticated user to configure a...
CVE-2026-34170
CVE-2026-34170 affects Coolify before 4.0.0-beta.471, where the GithubApp api_url field is used as the base URL for server-side HTTP requests without proper allowlisting or private IP blocking. An authenticated user can configure a GitHub App source that makes Coolify issue requests to internal s...
EUVD-2026-41997
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp apiurl field is used as the base URL for server-side HTTP requests without allowlisting or private IP blocking, allowing an authenticated user to configure a...