25 matches found
MAL-2025-191587 Malicious code in sing-fest-es-logger (npm)
Source: amazon-inspector 568dedb347f57208c9d7934b8818262beac7eba759430a41f2d3a12d23e12399. The package sing-fest-es-logger was found to contain malicious code...
Malicious code in sing-fest-es-logger (npm)
Source: amazon-inspector 568dedb347f57208c9d7934b8818262beac7eba759430a41f2d3a12d23e12399. The package sing-fest-es-logger was found to contain malicious code...
EUVD-2024-51608
Malicious code in bioql PyPI...
Impressions from PHDays Fest
Impressions from PHDays Fest. The scale was just insane. You walk and walk - and there's action everywhere, and all of it is PHDays, every bit of it. It totally blew my mind, I saw just a tiny fraction of everything that was going on. In the public area, I was impressed by the university pavilion...
WordPress Boom Fest plugin <= 2.2.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update vulnerability discovered by SOPROBRO in WordPress Plugin Boom Fest versions <= 2.2.1...
CVE-2024-13449
The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bfadminaction' function in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to updat...
CVE-2024-13449
The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bfadminaction' function in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to updat...
CVE-2024-13449 Boom Fest <= 2.2.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bfadminaction' function in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to updat...
CVE-2024-13449 Boom Fest <= 2.2.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bfadminaction' function in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to updat...
CVE-2024-13449
CVE-2024-13449 affects the Boom Fest WordPress plugin in versions up to 2.2.1. A missing capability check in bf_admin_action allows authenticated users with Subscriber-level access and above to modify plugin settings that affect site appearance. Remediation per sources (PT-2025-2177) is to u...
WordPress plugin Boom Fest security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2025-2177 · WordPress · Boom Fest
Name of the Vulnerable Software and Affected Versions: Boom Fest plugin for WordPress versions prior to 2.3 Description: The issue is related to a missing capability check on the bf admin action function, allowing authenticated attackers with Subscriber-level access and above to update plugin...
Malicious code in karma-fest-preprocessor (npm)
Source: ghsa-malware 12fc59d44987dfafc3d0226a2629d1aa8294664f22936a59406d8e77b6695b2a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-130 Malicious code in karma-fest-preprocessor (npm)
Source: ghsa-malware 12fc59d44987dfafc3d0226a2629d1aa8294664f22936a59406d8e77b6695b2a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
[SECURITY] Fedora 40 Update: truth-1.0.1-11.fc40
Truth is a library that provides alternative ways to express assertions in unit tests. It can be used as a replacement for JUnit's assertions or FEST or it can be used alongside where other approaches seem more suitable...
fest-der-sinne.info Improper Access Control vulnerability OBB-3836965
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Rapid7 Data Engineers Inspire Future Tech Talent at Summer Search Career Fest
We are thrilled to share some exciting news from our data engineering team at Rapid7. Earlier this month, our very own data engineers had the honor of being panelists at the technology panel organized by Summer Search, a fantastic organization that our CEO, Corey Thomas, is on the Leadership...
berlinchilifest.com Cross Site Scripting vulnerability OBB-3286615
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
kurt-weill-fest.de Cross Site Scripting vulnerability OBB-2741963
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
veszpremfest.hu Cross Site Scripting vulnerability OBB-2371802
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...