MAL-2026-4767 Malicious code in silly-logger (PyPI)
Source: amazon-inspector 2eecfbfdbeccf66833713755c8dffe5f7732119e5d82022a847c508dfef619b0. The package advertises itself as a general-purpose logger, but every call to its debug/info/warn/error/critical methods unconditionally POSTs the...
SUSE CVE-2026-24486
Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using the non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...
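The bug class above is keeping a client-supplied filename and joining it onto the upload directory. The following is an added example, not code from python-multipart, showing that unsafe pattern next to a hardened `safe_upload_path` helper (both names are hypothetical). It rejects names that carry path separators, `..`, or NUL bytes and then confirms the resolved path still lies under the upload root:

```python
import os


def unsafe_upload_path(upload_dir: str, client_filename: str) -> str:
    """The vulnerable pattern: the client's name is kept verbatim and joined
    onto the upload directory. os.path.join discards upload_dir entirely when
    the client name is absolute, and '../' segments walk out of it."""
    return os.path.join(upload_dir, client_filename)


def safe_upload_path(upload_dir: str, client_filename: str):
    """Return an absolute path inside upload_dir for client_filename, or None
    if the name is not a plain single path component. Hypothetical helper
    written for this example."""
    # NUL bytes would truncate the name at the OS layer; reject outright.
    if "\x00" in client_filename:
        return None
    # Treat both separator styles as hostile: a backslash is a legal filename
    # character on POSIX but a directory separator once the file reaches Windows.
    if "/" in client_filename or "\\" in client_filename:
        return None
    if client_filename in ("", ".", ".."):
        return None
    # Resolve symlinks in the root once, so the containment test below compares
    # the real location of the upload directory with the real candidate path.
    root = os.path.realpath(upload_dir)
    candidate = os.path.realpath(os.path.join(root, client_filename))
    # Defence in depth: even after the character checks, require that the
    # resolved candidate has the upload root as a path prefix.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate
```

The character checks are what stop the traversal; the `commonpath` test is a second line of defence that also catches surprises such as an upload root that is itself a symlink.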
CVE-2025-68716
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 have the SSH service enabled by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. This allows any LAN-adjacent attacker to...
Urban VPN Proxy Surreptitiously Intercepts AI Chats
This is pretty scary: Urban VPN Proxy targets conversations across ten AI platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok xAI, Meta AI. For each platform, the extension includes a dedicated "executor" script designed to intercept and capture conversations. The...
CLSA-2025-1744926159 Update of openssl
Backport the implicit rejection mechanism for RSA PKCS1 v1.5 to prevent Bleichenbacher attacks; add an option to disable the mechanism...
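Implicit rejection removes the padding oracle that Bleichenbacher-style attacks need: instead of returning an error when PKCS#1 v1.5 padding is malformed, the decrypter hands back a synthetic plaintext derived deterministically from the ciphertext, so an attacker cannot tell a valid from an invalid padding by the response. The block below is an added example in pure Python, not OpenSSL's code; it uses a constructed toy RSA key (two Mersenne primes, far too small for real use) and a simplified synthetic-message derivation keyed by a secret stored with the private key (an assumption; OpenSSL's KDF differs in detail). `decrypt_explicit_rejection` shows the pre-fix behaviour, `decrypt_implicit_rejection` the post-fix behaviour:

```python
import hashlib
import hmac
import os

# Constructed toy RSA key: 216-bit modulus from two Mersenne primes.
# Only the padding logic matters for the demo; never use keys this small.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8      # modulus length in bytes (27)
MAX_MSG = K - 11                    # PKCS#1 v1.5 framing costs 11 bytes

# Secret that seeds synthetic plaintexts. Assumption for this example: kept
# alongside the private key; derived from D here so the block is self-contained.
REJECTION_SECRET = hashlib.sha256(b"implicit-rejection" + D.to_bytes(K, "big")).digest()


def pkcs1_v15_pad(msg: bytes) -> bytes:
    """EM = 0x00 || 0x02 || PS (non-zero random bytes, at least 8) || 0x00 || M."""
    if len(msg) > MAX_MSG:
        raise ValueError("message too long")
    ps = bytearray()
    while len(ps) < K - 3 - len(msg):
        b = os.urandom(1)
        if b != b"\x00":
            ps += b
    return b"\x00\x02" + bytes(ps) + b"\x00" + msg


def encrypt(msg: bytes) -> bytes:
    return pow(int.from_bytes(pkcs1_v15_pad(msg), "big"), E, N).to_bytes(K, "big")


def raw_decrypt(ct: bytes) -> bytes:
    return pow(int.from_bytes(ct, "big"), D, N).to_bytes(K, "big")


def unpad(em: bytes):
    """Return (valid, message). Every check runs regardless of earlier results,
    so the control flow does not depend on where the padding went wrong."""
    valid = em[0] == 0 and em[1] == 2
    sep = -1
    for i in range(2, K):
        if em[i] == 0 and sep == -1:
            sep = i
    valid = valid and sep >= 10        # PS occupies em[2:sep], so sep >= 10 means >= 8 bytes
    return valid, (em[sep + 1:] if valid else b"")


def synthetic_message(ct: bytes) -> bytes:
    """Deterministic pseudo-random plaintext for a ciphertext. The same ciphertext
    always yields the same fake, so repeated queries reveal nothing either."""
    length = hmac.new(REJECTION_SECRET, b"len" + ct, hashlib.sha256).digest()[0] % (MAX_MSG + 1)
    stream = hmac.new(REJECTION_SECRET, b"msg" + ct, hashlib.sha256).digest()
    return stream[:length]


def decrypt_explicit_rejection(ct: bytes) -> bytes:
    """Pre-fix behaviour: the decryption error itself is the Bleichenbacher oracle."""
    valid, msg = unpad(raw_decrypt(ct))
    if not valid:
        raise ValueError("decryption error")
    return msg


def decrypt_implicit_rejection(ct: bytes) -> bytes:
    """Post-fix behaviour: never signal failure; return a synthetic message instead."""
    em = raw_decrypt(ct)
    valid, msg = unpad(em)
    fake = synthetic_message(ct)        # computed on every call, not only on failure
    # A real implementation selects between msg and fake in constant time; Python
    # cannot promise that, but the observable contract (no error, plausible output) holds.
    return msg if valid else fake


def padding_oracle(ct: bytes) -> bool:
    """What an attacker learns from explicit rejection: was the padding valid?"""
    try:
        decrypt_explicit_rejection(ct)
        return True
    except ValueError:
        return False
```

With explicit rejection, `padding_oracle` answers a yes/no question for any chosen ciphertext, which is exactly the query an adaptive attack needs; with implicit rejection the caller only ever sees a key-sized-or-shorter byte string, and a protocol that then fails a MAC check over a wrong key leaks nothing about the padding. The option the changelog mentions for disabling the mechanism is what you would need for applications that genuinely rely on the error to detect corrupted ciphertexts.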
Moq v4.20.0-rc to 4.20.1 share hashed user data
Moq v4.20.0-rc to 4.20.1 include support for SponsorLink, which runs an obfuscated DLL at build time that scans local git config data and shares the user's hashed email address with SponsorLink's remote servers. There is no option to disable this. Moq v4.20.2 has removed this functionality...
Explanation about 'nshttpd' internal services up on port 80.
After a recent upgrade from 13.0 build 90.11 to 13.1 build 48.47, I noticed a new internal service was installed. "set service nshttpd-gui-x.x.x.x -80 -cip ENABLED" Is this a necessary service and what is its purpose? If it's not needed, I'd like to disable it since it's using port 80...
Hitachi Vantara Pentaho Business Analytics Server Code Injection Vulnerability
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd. of Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that stems from not allowing system administrators to...
SUSE CVE-2018-12539
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on...
SUSE CVE-2019-19232
In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as ...
How to disable 'Remember my password' option in Citrix Workspace App?
How to disable 'Remember my password' option in Citrix Workspace App?...
PT-2022-23756 · Mendix · Mendix Saml
Name of the Vulnerable Software and Affected Versions: Mendix SAML Mendix 7 compatible versions prior to V1.17.0 Mendix SAML Mendix 8 compatible versions prior to V2.3.0 Mendix SAML Mendix 9 compatible, New Track versions prior to V3.3.1 Mendix SAML Mendix 9 compatible, Upgrade Track versions pri...
Flarum Security Vulnerability
Flarum is an open source forum system for the Flarum community. A security vulnerability exists in Flarum's Byobu extension prior to version 1.1.7. Byobu is a private discussion extension for Flarum forums, and the affected versions were found to not allow private...
PT-2022-3642 · Swhkd · Swhkd
Name of the Vulnerable Software and Affected Versions: SWHKD version 1.1.5 Description: The issue is related to unsafe parsing via the -c option, which can lead to an information leak or a denial of service memory exhaustion when attempting to parse large or infinite files, such as block or...
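The failure mode described above is a privileged parser that opens whatever path `-c` names and reads it to the end: a block device or `/dev/zero` never ends, so memory is exhausted, and a FIFO with no writer blocks forever. The following is an added example, not swhkd's own code, of a config reader that refuses non-regular files and bounds the read; the function name and the 1 MiB cap are assumptions for the demo, and it reads the file as text without parsing the hotkey syntax:

```python
import os
import stat

MAX_CONFIG_BYTES = 1 << 20   # 1 MiB cap for a hotkey config; assumption for this example


def read_config_safely(path: str, max_bytes: int = MAX_CONFIG_BYTES) -> str:
    """Read a config file from an untrusted path without trusting the path.

    Refuses anything that is not a regular file (block and character devices,
    FIFOs, directories) and never reads more than max_bytes, even if st_size
    lies or the file grows while it is being read.
    """
    # O_NONBLOCK makes opening a FIFO with no writer return instead of hanging;
    # O_NOFOLLOW keeps a privileged parser from being redirected through a symlink
    # in the final path component. Both are looked up defensively for portability.
    flags = os.O_RDONLY | getattr(os, "O_NONBLOCK", 0) | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags)
    try:
        # Inspect the descriptor, not the path, so the check and the read refer
        # to the same object (no check-then-open race).
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise ValueError(f"{path}: not a regular file")
        if st.st_size > max_bytes:
            raise ValueError(f"{path}: {st.st_size} bytes exceeds cap of {max_bytes}")
        # st_size is only a hint; read in bounded chunks and stop as soon as the
        # cap is exceeded rather than calling read() until EOF.
        chunks = []
        total = 0
        while total <= max_bytes:
            chunk = os.read(fd, 64 * 1024)
            if not chunk:
                break
            chunks.append(chunk)
            total += len(chunk)
        if total > max_bytes:
            raise ValueError(f"{path}: grew past cap of {max_bytes} while reading")
    finally:
        os.close(fd)
    return b"".join(chunks).decode("utf-8", errors="strict")
```

The two halves matter together: the `fstat` check rejects devices and FIFOs up front, and the bounded loop means even a regular file that is being appended to concurrently cannot push the process past the cap.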
Some Android users can disable 2G now and why that is a good thing
The Electronic Frontier Foundation (EFF) has happily informed people that Google has quietly pushed a new feature to its Android operating system allowing users to optionally disable 2G at the modem level in their phones. This is beneficial because 2G uses weak encryption between the tower and devi...
PT-2021-19212 · Cncf · Cncf Cortex
Name of the Vulnerable Software and Affected Versions: CNCF Cortex versions prior to 1.8.1 Description: The issue concerns a local file disclosure problem in the Alertmanager component when the -experimental.alertmanager.enable-api option is enabled. This allows an attacker to potentially send an...
CVE-2020-17509
ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected...
PT-2019-12248 · Matrix · Matrix Sydent
Name of the Vulnerable Software and Affected Versions: Matrix Sydent versions prior to 1.0.2 Description: The issue arises from the handling of registration restrictions based on e-mail domain in util/emailutils.py. Specifically, when the allowed_local_3pids option is enabled, it can lead to...
JDK: privilege escalation via insufficiently restricted access to Attach API
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on...