85 matches found
Malicious code in iceberg-javascript (npm)
Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...
Malicious code in auth-javascript (npm)
Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...
CVE-2026-22052
ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission...
CVE-2026-2460
CVE-2026-2460 affects REB500. An authenticated user with low privileges can use the DAC protocol to access and alter directory content to which they are not authorized. The documented impact includes high confidentiality and integrity risks (per CVSS 4.0, base score 7.6). Exploit details, affecte...
PT-2025-50520
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents...
EUVD-2013-3392
Malware in sbrugna...
EUVD-2013-1830
Malware in sbrugna...
EUVD-2002-0200
Malware in sbrugna...
EUVD-2025-18676
Malicious code in bioql PyPI...
EUVD-2024-25852
Malicious code in bioql PyPI...
EUVD-2022-49745
Malicious code in bioql PyPI...
CVE-2022-46967
An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ directory...
CVE-2024-49359
CVE-2024-49359 affects ZimaOS (fork of CasaOS) prior to or including version 1.2.4. The vulnerability is a directory traversal in the API endpoint /v2_1/file, exploitable by an authenticated user who can manipulate the path parameter to list arbitrary directories (e.g., /etc) on the server. The r...
Security Bulletin: Vulnerabilities in Eclipse Jetty and JUnit4 affect watsonx.data
Summary: Eclipse Jetty could allow remote attacks to obtain sensitive information and JUnit4 could allow a local attacker to obtain sensitive information. These can affect watsonx.data. Vulnerability Details: CVEID: CVE-2019-10246. DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain...
CVE-2023-28865
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who...
CVE-2023-28865
The CVE concerns Diebold Nixdorf Vynamic Security Suite (VSS). In versions before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02, VSS fails to validate directory contents during Pre-Boot Authorization (PBA). The underlying issue is improper validation of certain directories (e.g., mismatch of...
PT-2025-2397 · IBM · IBM Security Directory Integrator +1
Name of the Vulnerable Software and Affected Versions: IBM Security Directory Integrator version 7.2.0; IBM Security Verify Directory Integrator version 10.0.0. Description: The issue could disclose sensitive information about directory contents, potentially aiding in further attacks against the...