15 matches found
CVE-2026-43644 podinfo 6.11.2 Reflected XSS via /echo Endpoint
podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...
EUVD-2009-2063
Malware in sbrugna...
Breaking SafetyCore: Exploring the Risks of On-Device AI Deployment
Due to hardware and software improvements, an increasing number of AI models are deployed on-device. This shift enhances privacy and reduces latency, but also introduces security risks distinct from traditional software. In this article, we examine these risks through the real-world case study of...
SAFEx: Analyzing Vulnerabilities of MoE-Based LLMs Via Stable Safety-Critical Expert Identification
Large language models based on Mixture-of-Experts have achieved substantial gains in efficiency and scalability, yet their architectural uniqueness introduces underexplored safety alignment challenges. Existing safety alignment strategies, predominantly designed for dense models, are ill-suited t...
Malicious code in adult-content-detection-aws (npm)
Source: ghsa-malware 04c7da4fcfb4de71b19452af0a573b825658e46880b543cb625a25552b249fd1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3090 Malicious code in adult-content-detection-aws (npm)
Source: ghsa-malware 04c7da4fcfb4de71b19452af0a573b825658e46880b543cb625a25552b249fd1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Spamscanner - Spam Scanner Is The Best Anti-Spam, Email Filtering, And Phishing Prevention Service
Spam Scanner is the best anti-spam, email filtering, and phishing prevention service. Spam Scanner is a drop-in replacement and the best alternative to SpamAssassin, rspamd, SpamTitan, and more. Foreword Spam Scanner is a tool and service built by @niftylettuce after hitting countless roadblocks...
The vulnerability of the Apache Tika content detection and analysis environment, related to memory leaks before deleting the last link, allows attackers to cause service interruptions.
The vulnerability of the Apache Tika content detection and analysis environment is related to memory leaks that occur before the last link is deleted. Exploiting this vulnerability can allow an attacker to cause a service failure...
L1ght Looks to Protect Internet Users from Toxic and Predatory Behavior
Cybersecurity has been regarded as a necessity for all computer users, especially today when data breaches and malware attacks have become rampant. However, one of the more overlooked aspects of cybersecurity is the prevention of other forms of cybercrime, such as the spread of harmful content an...
Side-Channel Attack Allows Remote Listener to ‘Hear’ On-Screen Images
A stealthy side-channel tactic for digital surveillance has been uncovered, which allows an attacker to “hear” on-screen images. According to a team of academic researchers from Columbia University, the University of Michigan, University of Pennsylvania and Tel Aviv University, inaudible acoustic...
Path traversal
augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path...
IBM Tivoli Endpoint 4.1.1 Remote SYSTEM Exploit
See attached, zipped in hopes that it doesn't get flagged as malicious/spam :P Thanks, Jeremy...
CVE-2009-2065
Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that...
Technical Details of Security Issues Regarding Safari for Windows
The first issue is the one described in Microsoft Security Advisory 953818. It's worked out by Aviv Raff: http://www.microsoft.com/technet/security/advisory/953818.mspx http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx It's covered by news but Aviv Raff has not published technical...
CVE-2002-0340
Windows Media Player WMP 8.00.00.4477, and possibly other versions, automatically detects and executes .wmf and other content, even when the file's extension or content type does not specify .wmf, which could make it easier for attackers to conduct unauthorized activities via Trojan horse files...