33 matches found
Malicious code in yappy_yak_z3n (npm)
Source: amazon-inspector (report id dbf63c95669eeec24089e295bd1f862d44cda83ac44459e2d7ca3c12e3302c34). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2024-0020
Malicious code in bioql PyPI...
SUSE CVE-2025-53103
JUnit is a testing framework for Java and the JVM. From version 5.12.0 to 5.13.1, JUnit's support for writing Open Test Reporting XML files can leak Git credentials. The impact depends on the level of the access token exposed through the OpenTestReportGeneratingListener. If these test reports are...
CVE-2025-50695
PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in /admin/view-booking-detail.php and /admin/invoice-generating.php...
CVE-2025-50695
CVE-2025-50695 affects PHPGurukul Online DJ Booking Management System 2.0. The vulnerability is Cross Site Scripting (XSS) in the admin endpoints /admin/view-booking-detail.php and /admin/invoice-generating.php. The CVSS v3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N with a base scor...
PHPGurukul Online DJ Booking Management System security vulnerability
PHPGurukul Online DJ Booking Management System is an online DJ booking management system from PHPGurukul Inc. A security vulnerability exists in PHPGurukul Online DJ Booking Management System version 2.0, which originates from cross-site scripting in /admin/view-booking-detail.php and...
[SECURITY] Fedora 40 Update: perl-Data-UUID-1.227-1.fc40
This module provides a framework for generating v3 UUIDs (Universally Unique Identifiers), also known as GUIDs (Globally Unique Identifiers). A UUID is 128 bits long, and is guaranteed to be different from all other UUIDs/GUIDs generated until 3400 CE. UUIDs were originally used in the Network...
GHSA-X2H8-QMJ4-G62F ROTP 6.2.2 and 6.2.1 have 0666 permissions for the .rb files.
The Ruby One Time Password library ROTP is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation...
CVE-2024-28862
The Ruby One Time Password library ROTP is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation...
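The GHSA and CVE entries above both point at the same post-install workaround: fix the permissions of the shipped .rb files if you cannot move to ROTP 6.3.0. The following is an added example, not ROTP's own code, showing what that check and fix look like when scripted. It assumes a gem layout of gems/rotp-6.2.2/lib/rotp and builds a throwaway directory tree with one world-writable .rb file so it runs offline; point `find_writable` at the real gem directory (`gem contents rotp` lists the installed files) to audit an actual install.

```python
"""Added example (not ROTP's own code): locate .rb files under an installed gem
that are writable by group or other (the 0666 defect in the advisory) and reset
them to 0644.  The directory layout used by demo() is constructed for the
example; on a real system pass the gem's install directory instead."""
import os
import stat
import tempfile

# Permission bits that should never be set on library source files.
GROUP_OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH


def find_writable(root, suffix=".rb"):
    """Return (path, mode) for files under root with the suffix that group or other can write."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.endswith(suffix):
                continue
            path = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode & GROUP_OTHER_WRITE:
                found.append((path, mode))
    return found


def fix_permissions(root, suffix=".rb", target=0o644):
    """Reset every group/other-writable file to target mode; return the paths fixed."""
    fixed = []
    for path, _mode in find_writable(root, suffix):
        os.chmod(path, target)
        fixed.append(path)
    return fixed


def demo():
    """Constructed gem tree: one 0666 .rb file, one sane .rb file, one 0666 non-.rb file."""
    root = tempfile.mkdtemp(prefix="rotp-demo-")
    lib = os.path.join(root, "gems", "rotp-6.2.2", "lib", "rotp")  # assumed layout
    os.makedirs(lib)
    bad = os.path.join(lib, "totp.rb")
    good = os.path.join(lib, "hotp.rb")
    other = os.path.join(lib, "README.md")
    for path in (bad, good, other):
        with open(path, "w") as fh:
            fh.write("# stub\n")
    os.chmod(bad, 0o666)
    os.chmod(good, 0o644)
    os.chmod(other, 0o666)
    before = [path for path, _ in find_writable(root)]
    fixed = fix_permissions(root)
    after = find_writable(root)
    return {
        "before": before,
        "fixed": fixed,
        "after": after,
        "bad_mode": stat.S_IMODE(os.stat(bad).st_mode),
    }


if __name__ == "__main__":
    print(demo())
```

The suffix filter mirrors the advisory title, which names the .rb files; if you would rather not leave any world-writable file in the gem tree, call `find_writable(root, suffix="")` so every file is inspected.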
This Week in Spring - February 6th
Hi, Spring fans! Welcome to another installment of the rip-roarin' adventure that is This Week in Spring! We've got a lot to look at, as usual, so let's dive right into it! In last week's installment of A Bootiful Podcast, I talked to Gunnar Morling, who created the 1BRC (1 Billion Row Challenge)...
At _modifyCollateralBalance, when locking and generating debt your wad is going to be a negative number, but the token collateral mapping should not have any negative numbers
Lines of code. Vulnerability details. Impact: the protocol will not work, all functions will not work. Proof of Concept: you cannot set a negative number to a uint256. Tools Used: manual. Recommended Mitigation Steps: change the mapping to: `mapping(bytes32 cType => mapping(address safe => int256 wad)) public...`
Part II: Implementing Effective Cyber Security Metrics that Reduce Risk Realistically
In Part I of this three-part blog series, we discussed building a cyber risk metrics program from the ground up. We also discovered how to implement effective strategies for holistically articulating your cyber risk posture across your organization. In our second installment, we’ll delve deeper...
Zloader, another botnet, bites the dust
Microsoft has announced that its Digital Crimes Unit DCU has taken legal and technical action to disrupt a malicious botnet called Zloader. Zloader or Zbot are common names used to refer to any malware related to the ZeuS family. There are a lot of those because the ZeuS banking Trojan source cod...
T-Reqs-HTTP-Fuzzer - A Grammar-Based HTTP Fuzzer
T-Reqs (Two Requests) is a grammar-based HTTP Fuzzer written as a part of the paper titled "T-Reqs: HTTP Request Smuggling with Differential Fuzzing" which was presented at ACM CCS 2021. BibTeX of the paper: @inproceedings{ccs2021treqs, title={T-Reqs: HTTP Request Smuggling with Differential Fuzzin...
HD Quiz < 1.8.4 - Authenticated Stored XSS
The plugin does not escape some of its Answers before outputting them in an attribute when generating the Quiz, which could lead to Stored Cross-Site Scripting issues. PoC: Create or edit a Quiz, and put the following payload as an Answer of a "Multiple Choice: Text" Question: `" autofocus...`
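The advisory's payload is only shown truncated above, so the following added example (not HD Quiz code) constructs its own payload in the same shape, a closing double quote followed by injected attributes, and shows why it works against an unescaped attribute and why attribute escaping stops it. The template string is an assumption standing in for the plugin's real markup; the hardened form does what WordPress's `esc_attr()` does for PHP, here via Python's `html.escape`. The parse step uses the standard library's HTML parser to show the attribute set a browser would end up with.

```python
"""Added example (not HD Quiz plugin code): an Answer string placed raw inside a
quoted HTML attribute versus the same string escaped first.  The template and
payload are constructed for illustration."""
import html
from html.parser import HTMLParser

# Constructed payload in the shape the advisory describes: close the value
# attribute, then add attributes of the attacker's choosing.
PAYLOAD = '" autofocus onfocus="alert(document.domain)'


def render_unsafe(answer):
    """Vulnerable pattern: raw string interpolated into a quoted attribute."""
    return f'<input type="radio" name="answer" value="{answer}">'


def render_safe(answer):
    """Hardened pattern: escape quotes and angle brackets before interpolation."""
    return f'<input type="radio" name="answer" value="{html.escape(answer, quote=True)}">'


class _AttrCollector(HTMLParser):
    """Collect the attributes of every start tag, as a browser's parser would see them."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        self.attrs.update(attrs)


def parse_attributes(markup):
    """Return {attribute name: value} for the markup; entity references are decoded."""
    parser = _AttrCollector()
    parser.feed(markup)
    return parser.attrs


if __name__ == "__main__":
    print(parse_attributes(render_unsafe(PAYLOAD)))  # onfocus handler present
    print(parse_attributes(render_safe(PAYLOAD)))    # payload stays inside value=""
```

In the unsafe render the parser sees an empty `value`, an `autofocus` attribute and an `onfocus` handler, which is the stored XSS; in the safe render the whole payload, quotes included, is the value of `value` and no new attribute exists.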
A hacker claims to be selling sensitive data from OTP generating firm
By Habiba Rashid. A hacker appears to be selling sensitive data they claim to have stolen from an OTP-generating company. Here's what we know so far!...
Cross-site Request Forgery (CSRF)
bolt/bolt is vulnerable to cross-site request forgery. The vulnerability exists because the preview generating endpoint in src/Controller/Frontend.php accepts requests without a valid token, which allows an attacker to inject and execute arbitrary JavaScript...
CVE-2020-4040
Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized...
Apple App Store Riddled With Money-Sucking Fleeceware Apps
Researchers are warning iPhone users of fleeceware apps after finding more than 30 examples of them on Apple’s App Store. Fleeceware is jargon for apps that trick users into paying excessive fees for basic applications and functionality that is available free elsewhere. Many of these fleeceware...
[SECURITY] Fedora 28 Update: netmask-2.4.4-1.fc28
This is a handy tool for generating terse netmasks in several common formats. If you've ever maintained a firewall with more than a few rules in it, you might use netmask to clean up and generalize sloppy rules left by the network administrator before you. It will also convert netmasks from one...
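As an added example, not the netmask tool's own code, the snippet's two jobs (rendering a mask in the common notations, and collapsing a sloppy rule list into the minimal set of blocks) can be reproduced with Python's `ipaddress` module. The rule list is constructed for the example; the output formats are the usual CIDR, dotted netmask, Cisco-style wildcard (hostmask), address range and hexadecimal forms.

```python
"""Added example (not the netmask tool's own code): convert one IPv4 block
between common mask notations, and collapse overlapping, adjacent and
range-form rules into the minimal covering CIDR list."""
import ipaddress


def mask_formats(cidr):
    """Render one IPv4 block in the notations firewall rule sets commonly use."""
    net = ipaddress.ip_network(cidr, strict=False)  # strict=False masks off host bits
    return {
        "cidr": str(net),
        "netmask": f"{net.network_address}/{net.netmask}",
        "hostmask": f"{net.network_address}/{net.hostmask}",  # Cisco wildcard mask
        "range": f"{net.network_address}-{net.broadcast_address}",
        "hex": f"{int(net.network_address):#010x}/{int(net.netmask):#010x}",
    }


def collapse_rules(rules):
    """Parse hosts, CIDRs and 'a-b' ranges, then return the minimal covering CIDR list."""
    nets = []
    for rule in rules:
        rule = rule.strip()
        if "-" in rule:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in rule.split("-", 1))
            nets.extend(ipaddress.summarize_address_range(lo, hi))
        else:
            nets.append(ipaddress.ip_network(rule, strict=False))
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


# Constructed "sloppy" rule list: overlapping, adjacent and range-form entries
# of the kind the snippet says netmask cleans up.
SLOPPY_RULES = [
    "10.0.0.0/25",
    "10.0.0.128/25",        # adjacent to the line above: together 10.0.0.0/24
    "10.0.0.5",             # single host, already covered
    "10.0.1.0-10.0.1.255",  # a /24 written as a range; adjacent to 10.0.0.0/24
    "192.168.4.7/24",       # host bits set; masked off by strict=False
]


if __name__ == "__main__":
    for block in collapse_rules(SLOPPY_RULES):
        print(mask_formats(block))
```

The five entries collapse to `10.0.0.0/23` and `192.168.4.0/24`; the two /25s merge into a /24, which merges again with the adjacent range-form /24 into a /23, and the host entry disappears because it is already covered.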