com.linkedin.transport:transportable-udfs-test-trino (>=0.1.19 <=0.1.22), com.linkedin.transport:transportable-udfs-trino-plugin (>=0.1.19 <=0.1.22) +8 more potentially affected by CVE-2026-34214 via io.trino:trino-main (>=439 <=479)
io.trino:trino-main MAVEN version =439, =0.1.19, =0.1.19, =464, =439, =472, =439, =439, =439, =439, =464, =472 Source cves: CVE-2026-34214 Source advisory: SNYK:JAVA-IOTRINO-15857194...
GHSA-F456-RF33-4626 Orval Mock Generation Code Injection via const
I am reporting a code injection vulnerability in Orval’s mock generation pipeline affecting @orval/mock in both the 7.x and 8.x series. This issue is related in impact to the previously reported enum x-enumDescriptions https://github.com/advisories/GHSA-h526-wf6g-67jv, but it affects a different...
Orval Mock Generation Code Injection via const
I am reporting a code injection vulnerability in Orval’s mock generation pipeline affecting @orval/mock in both the 7.x and 8.x series. This issue is related in impact to the previously reported enum x-enumDescriptions https://github.com/advisories/GHSA-h526-wf6g-67jv, but it affects a different...
Malicious code in faker-py123123thon (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fab9d41bcbc9a1625b625705433588c2bc1d08ca71e57783cc29b74bc76ddeba Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-191625 Malicious code in faker-py123123thon (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fab9d41bcbc9a1625b625705433588c2bc1d08ca71e57783cc29b74bc76ddeba Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-49310 Malicious code in faker-python (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2d88bf5533b182da36c514791c3e6841d83565d4d7f7065a09cdebddc2509453 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in faker-python (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2d88bf5533b182da36c514791c3e6841d83565d4d7f7065a09cdebddc2509453 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
EUVD-2025-37449
Malicious code in faker-python PyPI...
org.webjars.npm:json-schema-faker (>=0.5.0-rcv.29 <=0.5.0-rcv.33) potentially affected by CVE-2024-21534 via org.webjars.npm:jsonpath-plus (=3.0.0)
org.webjars.npm:jsonpath-plus MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:jsonpath-plus and may be impacted: - org.webjars.npm:json-schema-faker =0.5.0-rcv.29, =0.5.0-rcv.33 Source cves: CVE-2024-21534 Source...
GHSA-VV7Q-MFPC-QGM5 Unserialized Pop Chain in Laravel
Withdrawn: This advisory has been withdrawn because it is not a security issue and the CVE has been revoked. Original description: Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution (RCE) via an unserialized pop chain in __destruct in...
PT-2022-20661 · Laravel · Laravel
Name of the Vulnerable Software and Affected Versions: Laravel version 9.1.8. Description: The issue allows Remote Code Execution (RCE) via an unserialized pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and __call in Faker\Generator.php when processing attacker-controlled data for...
116zm_atm (=1.0.0), 11_mybank (=1.0.0) +611 more potentially affected by CVE-2021-23567 via faker (=6.6.6)
faker NPM version =6.6.6 is affected by a known vulnerability. The following packages have a transitive dependency on faker and may be impacted: - 116zm_atm =1.0.0 - 11_mybank =1.0.0 - @acceleratxr/react-shared =1.1.0, =0.1.0, =1.0.0, =1.2.1, =1.1.0, =1.3.0, =1.0.0, =1.1.0, =1.2.0, =1.1.0, =1.2.0,...
GHSA-5W9C-RV96-FR7G Removal of functional code in faker.js
Faker.js helps users create large amounts of data for testing and development. The maintainer deliberately removed the functional code from this package. This appears to be a purposeful and successful attempt to make the package unusable. This is related to the colors.js CVE-2021-23567. The...
Metasploit Wrap-Up
FortiOS Path Traversal: Returning community contributor mekhalleh submitted a module targeting a path traversal vulnerability within the SSL VPN web portal in multiple versions of FortiOS. The flaw is leveraged to read the usernames and passwords of currently logged in users which are stored in...
Youzer - Fake User Generator For Active Directory Environments
Fake User Generator for Active Directory Environments. Introduction: The goal of Youzer is to create information-rich Active Directory environments. This uses the python3 library 'faker' to generate random accounts: `pip3 install faker`. You can either supply a wordlist or have the passwords generated...
Ransomware Roundup: Alternative Techniques featuring CTB-Faker
Ransomware is innovating to spread faster, hit harder and increase its payout potential. New unknown variants pop up daily, and many leverage non-malware techniques to evade traditional defenses. CTB-Faker is a perfect example of how modern ransomware is leveraging these new techniques to easily...
Image Faker - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Image Faker published at the 'play' market has multiple vulnerabilities...