Malicious code in xct-x-ayoub (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d33575d7ebb1fa670ce8a2f633471492b04319daffe0f1e10dd35841cf2709af On import XcTxAyOuB, the package's top-level init.py unconditionally starts a Flask HTTP server bound to 0.0.0.0:5000 configurable via PORT exposing...

Progress Software MOVEit 安全漏洞

Progress Software MOVEit is a secure hosted file transfer software developed by Progress Software Corporation in the United States. Versions of Progress Software MOVEit prior to 2025.0.11, as well as versions from 2025.1.0 to 2025.1.7, contained security vulnerabilities due to unlimited resource...

DivvyDrive 安全漏洞

DivvyDrive is a file storage and sharing management platform developed by DivvyDrive Inc. in Turkey. Versions of DivvyDrive prior to 4.8.3.2 contained security vulnerabilities. These vulnerabilities stemmed from improper control over modifications to object properties and unlimited resource...

MeWare PDKS 安全漏洞

MeWare PDKS is a personnel management system for enterprise attendance and access control developed by the Turkish company MeWare. Versions of MeWare PDKS from V16.20200313 to VMYR3.5.2025117 contained security vulnerabilities. These vulnerabilities were caused by improper control of interaction...

EUVD-2026-25327

OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust resources and degrade...

PT-2026-34774

OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust resources and degrade...

libexpat 安全漏洞

libexpat is a streaming XML parser written in C language by the libexpat team. Versions of libexpat prior to 2.7.6 had security vulnerabilities; these vulnerabilities were due to insufficient entropy, which could allow for hash flood attacks via specially crafted XML documents...

EUVD-2019-2134

Malware in sbrugna...

EUVD-2008-2118

Malware in sbrugna...

Largest DDoS Attack to Date

It was a recently unimaginable 7.3 Tbps: The vast majority of the attack was delivered in the form of User Datagram Protocol packets. Legitimate UDP-based transmissions are used in especially time-sensitive communications, such as those for video playback, gaming applications, and DNS lookups. It...

CVE-2019-10079

Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions...

Enable TCP-SYN Cookie Protection

TCP-SYN cookie protection mitigates the impact of SYN flood attacks on the system. When an attacker launches a SYN flood attack, the half-open connection queue in the kernel is quickly exhausted to block valid connections. If SYN cookie is enabled, the system can still accept valid connections ev...

Drupal Stage File Proxy 安全漏洞

Drupal Stage File Proxy is a Drupal module for the Drupal community. A security vulnerability exists in Drupal Stage File Proxy versions prior to 3.1.5, which stems from an unrestricted resource allocation and could lead to a flood attack...

Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service (CVE-2018-0378)

A vulnerability in the Precision Time Protocol PTP feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a lack of...

OESA-2022-1982 bind security update

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

Record DDoS Attack with 25.3 Billion Requests Abused HTTP/2 Multiplexing

Cybersecurity company Imperva has disclosed that it mitigated a distributed denial-of-service DDoS attack with a total of over 25.3 billion requests on June 27, 2022. The "strong attack," which targeted an unnamed Chinese telecommunications company, is said to have lasted for four hours and peake...

Gafgyt Botnet Lifts DDoS Tricks from Mirai

Several variants of the Gafgyt Linux-based botnet malware family have incorporated code from the infamous Mirai botnet, researchers have discovered. Gafgyt a.k.a. Bashlite is a botnet that was first uncovered in 2014. It targets vulnerable internet of things IoT devices like Huawei routers, Realt...

Security feature bypass

in BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, Syn flood causes large number of MCPD context messages destined to secondary blades consuming memory leading to MCPD failure. This issue affects only VIPRION hosts with two...

CVE-2019-10079

Apache Traffic Server (ATS) is vulnerable to HTTP/2 setting flood attacks due to not limiting the number of HTTP/2 setting frames from a client. Affected versions include older ATS releases; remediation is to upgrade to 7.1.7, 8.0.4, or later. The provided documents describe a denial-of-service r...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.1.18 gRPC security update

An update for gRPC, included in sriov-network-device-plugin-container, is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...