1401 matches found
PYSEC-2026-446 Code execution in pandasai
GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...
Your Security Operations Team Just Got Faster: Meet Imperva’s AI Assistant.
There is a moment every security analyst knows well. It’s 2am , an alert fires, and you’re staring at a console trying to make sense of what just happened—fast. You need context, scope, and impact: What’s being targeted? Where is it coming from? Is it getting worse? What should we do next? That...
Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in minimatch (CVE-2026-26996)
Summary A Regular Expression Denial of Service ReDoS vulnerability in the minimatch pattern matching library CVE-2026-26996 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the library to version 5.1.8. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch i...
SourceCodester CET Automated Grading System with AI Predictive Analytics 安全漏洞
SourceCodester CET Automated Grading System with AI Predictive Analytics is an open-source English language assessment system based on artificial intelligence predictive analytics, developed by SourceCodester. Version 1.0 of the SourceCodester CET Automated Grading System with AI Predictive...
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within seemingly benign apps, su...
Measuring Onion Website Discovery and Tor Users' Interests with Honeypots
Tor enables anonymous web browsing and access to anonymous onion websites. Prior work has focused on crawling and content analysis rather than on what users actually try to access. Our honeypot approach measures engagement across onion-site categories, revealing behavioral interest rather than...
CVE-2018-25166 Meneame English Pligg 5.8 SQL Injection via search Parameter
Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to index.php with crafted SQL payloads in the search parameter to...
Meneame English Pligg SQL注入漏洞
Meneame English Pligg is a social news website aggregation script developed by the Meneame community. Version 5.8 of Meneame English Pligg contains an SQL injection vulnerability. This vulnerability stems from the search parameter in the index.php file, which allows for SQL injections, potentiall...
CVE-2025-67500
Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a given status exists by sending a request...
CVE-2025-67500
Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a given status exists by sending a request...
CVE-2025-67500
CVE-2025-67500 affects Mastodon prior to fixed versions: 4.2.28, 4.3.15, 4.4.10 and 4.5.3. The issue stems from error-handling discrepancies that let an attacker determine whether a private status exists by sending a request with a non-English Accept-Language header; it does not reveal the status...
CVE-2025-67500 Mastodon Error Handling Discrepancy Enables Private Status Existence Enumeration
Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a given status exists by sending a request...
CVE-2025-67500 Mastodon Error Handling Discrepancy Enables Private Status Existence Enumeration
Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a given status exists by sending a request...
MAL-2025-190485 Malicious code in zooarchaeology-darkmatter-higgs-algol (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e40bacfaf5995390d7123e836a60c8f771cd8c541530f8bac5be2044ff74b519 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in meteor-deneb-phoebe-paleoanthropology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e503587813565ccf9b93395be34e61ce05fd7b6a71e5c4f6f1bc95a90b27696 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187190 Malicious code in good-chi-nu-info-hash (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f42b6bf2a01b6334b369bee120683abc5377dbaa3c0215c6a61aa6e01154bdbb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185685 Malicious code in avior-ganymede-backend-hexo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a4711152c4083ccdb19747bdc390909e2dd6d6c64e5f7d82894ecc60e1fad7e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in relay-neutrino-procyon-stratigraphy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18b46d1421bf767e864fb70e46a380881c11baaf943274c94aeff70da06d51a9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189276 Malicious code in rollup-plugin-start-galaxy-neutronstar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6f6f9ff2255f568a5fe51812bfe0074491bde1fc7e58142a7d271a74671ed39 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188258 Malicious code in new-optimize-async-spy-process (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64b1c7a23fc78fcdeadaf377309af5ca61840ff7fca1e1debb675390e587536c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...