4442 matches found
a2ml (>=0.1.0 <=0.1.2), aadetools (>=0.0.3 <=0.0.5) +629 more potentially affected by CVE-2022-40898 via wheel (>=0.24.0 <=0.38.0)
wheel PYPI version =0.24.0, =0.1.0, =0.0.3, =3.0.0, =0.1.1, =0.1.0, =1.0.0, =0.14.0, =1.4.6, =1.0.1, =1.0.17, =3.9.0, =2.4.1, =4.1.1 and more Source cves: CVE-2022-40898 Source advisory: OSV:GHSA-QWMP-2CF2-G9G6...
Path Traversal
lite-dev-server is vulnerable to path traversal. The vulnerability exists in server.js because it accesses files and directories that are stored outside the intended folder. By manipulating file paths with dot-dot-slash ../ sequences and their variations it may be possible to access arbitrary file...
CVE-2022-25895 Directory Traversal
All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxing of the req.url user input that is passed to the server code...
CVE-2022-25895
CVE-2022-25895 affects lite-dev-server. All versions are vulnerable to Directory Traversal due to missing input sanitization and sandboxing of the req.url input passed to the server code. The root cause is that the server reads and uses user-supplied URLs without proper normalization, enabling ac...
Microsoft research uncovers new Zerobot capabilities
Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things (IoT) devices for recruitment into malicious operations, as IoT devices' configurations often leave them exposed, and the number of internet-connected devices continues to grow...
Cookie without Secure attribute
Description: At the moment, the memossession cookie has its Secure flag set to false. Proof of Concept: 1. Access the web demo https://demo.usememos.com/ 2. Use the browser's dev tools to check the cookie; we can see there is a memossession cookie with Secure set to false...
lite-dev-server vulnerable to Directory Traversal
All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxing of the req.url user input that is passed to the server code...
GHSA-PPPV-CH8P-RP2W lite-dev-server vulnerable to Directory Traversal
All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxing of the req.url user input that is passed to the server code...
node-sass-with-bindings (>=4.5.5 <=4.5.6) potentially affected by CVE-2022-25895 via lite-dev-server (=3.2.7)
lite-dev-server NPM version =3.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on lite-dev-server and may be impacted: - node-sass-with-bindings =4.5.5, =4.5.6 Source cves: CVE-2022-25895 Source advisory: OSV:GHSA-PPPV-CH8P-RP2W...
CVE-2022-25895
All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxing of the req.url user input that is passed to the server code...
GHSA-3MMH-VQ9W-4C3G Microweber vulnerable to Reflected Cross-site Scripting
Microweber versions 1.3.1 and prior are vulnerable to Reflected Cross-site Scripting (XSS). A patch is available on the 1.4, dev, and laravel-sail branches...
Microweber vulnerable to Reflected Cross-site Scripting
Microweber versions 1.3.1 and prior are vulnerable to Reflected Cross-site Scripting (XSS). A patch is available on the 1.4, dev, and laravel-sail branches...
lite-dev-server Path Traversal Vulnerability
lite-dev-server is an HTTP file server for development by the individual developer Gavrilov Rusla. A security vulnerability exists in lite-dev-server that stems from a lack of input sanitization, resulting in directory traversal...
Minecraft Servers Under Attack: Microsoft Warns About Cross-Platform DDoS Botnet
Microsoft on Thursday flagged a cross-platform botnet that's primarily designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers. Called MCCrash, the botnet is characterized by a unique spreading mechanism that allows it to propagate to Linux-based devices...
quarkus_dev_ui: Dev UI Config Editor is vulnerable to drive-by localhost attacks leading to RCE
A vulnerability was found in quarkus. This issue occurs in Dev UI Config Editor, which is vulnerable to drive-by localhost attacks leading to remote code execution...
Important: Red Hat Security Advisory: Red Hat build of Quarkus Platform 2.7.6.SP3 and security update
An update is now available for Red Hat build of Quarkus Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more...
Arbitrary Code Injection
akeneo/pim-community-dev is vulnerable to arbitrary code injection. The vulnerability exists in the Location parameter in httpd.conf because user input is not properly validated, which allows an attacker to inject and execute malicious code on the system...
New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm
Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patche...