16 matches found
EUVD-2005-4862
Malware in sbrugna...
EUVD-2010-2117
Malware in sbrugna...
EUVD-2021-33945
Malicious code in bioql PyPI...
Duping Cloud Functions: An emerging serverless attack vector
Summary and background: Google Cloud Platform (GCP) Cloud Functions are event-triggered, serverless functions that automatically scale and execute code in response to specific events like Hypertext Transfer Protocol (HTTP) requests or data changes. Tenable Research published an article discussing a...
@ekyc_qoobiss/qbs-cid-cmp (>=1.0.5 <=1.5.9), @ekyc_qoobiss/qbs-ect-cmp (>=1.2.0 <=4.7.87) +55 more potentially affected by CVE-2025-27793 via vega-functions (>=5.10.0 <=5.16.0)
vega-functions NPM version =5.10.0, =1.0.5, =1.2.0, =0.0.2, =0.1.2, =0.5.0, =1.0.0, =1.0.7, =0.1.4, =1.0.1, =2.8.0-canary.140, =2.20.0 - @tensorflow/tfjs-vis =1.5.1 and more Source cves: CVE-2025-27793 Source advisory: OSV:GHSA-963H-3V39-3PQF...
WordPress FoodBakery plugin <= 4.7 - Cross-Site Request Forgery in Multiple Functions vulnerability
Cross-Site Request Forgery in Multiple Functions vulnerability discovered by Lucio Sá in WordPress Plugin FoodBakery versions <= 4.7...
CVE-2024-53182 Revert "block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()"
In the Linux kernel, the following vulnerability has been resolved: Revert "block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()" This reverts commit bc3b1e9e7c50e1de0f573eea3871db61dd4787de. The bic is associated with sync_bfqq, and bfq_release_process_ref cannot be put into bfq_put_cooperator...
The vulnerability of the backup function of the Cisco Secure Firewall Management Center (formerly Cisco Firepower Management Center) allows a perpetrator to execute arbitrary commands on the basic operating system.
The vulnerability of the cluster backup function of the Cisco Secure Firewall Management Center (formerly known as Cisco Firepower Management Center) exists due to the lack of measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor, operating remotely, to...
python: tarfile module directory traversal
A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...
CVE-2022-21141 Airspan Networks Mimosa Incorrect Authorization
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 do not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution...
The vulnerability of the is_blog_installed function (wp-includes/functions.php) in the WordPress content management system involves a lack of input validation mechanisms. This allows attackers to access sensitive data, compromise its integrity, and cause service interruptions.
The vulnerability of the is_blog_installed function in the WordPress content management system’s functions.php file is related to improper checking of whether the WordPress system has been installed. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromi...
Information Disclosure
apollo-server-cloud-functions is vulnerable to information disclosure. The vulnerability exists as ApolloServer incorrectly drops the values of this.requestOptions.validationRules when creating a SubscriptionServer...
CVE-2019-20334
In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 and stdscan in asm/stdscan.c. This is similar to CVE-2019-6290 and CVE-2019-6291...
php54-php security update
5.4.40-3 - fix more functions accept paths with NUL character 1213407 5.4.40-2 - core: fix multipart/form-data request can use excessive amount of CPU usage CVE-2015-4024 - fix various functions accept paths with NUL character CVE-2015-4025, CVE-2015-4026 - ftp: fix integer overflow leading to he...
MoinMoin: Group ACL bypass
Background: MoinMoin is a Python clone of WikiWiki, based on PikiPiki. Description: MoinMoin contains two unspecified bugs, one allowing anonymous users elevated access when not using ACLs, and the other in the ACL handling in the PageEditor. Impact: Restrictions on anonymous users were not properly...
PHP problem
This is not really an advisory, but a warning for sysadmins running webservers with PHP. I noticed that it was possible to rebuild the user database Unix even when safe_mode prevented from reading /etc/passwd and open_basedir prevented from accessing /etc. The implementation of getpwuid,nam functio...