15 matches found
Malicious code in o3forms (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d094d4429f1492bb6b99d802de86b97dc972e06d680a1287846e6d1635fe457 The package name impersonates the OpenMRS O3 forms ecosystem legitimate packages are published under the @openmrs/ scope. package.json declares an...
MAL-2026-5450 Malicious code in o3forms (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d094d4429f1492bb6b99d802de86b97dc972e06d680a1287846e6d1635fe457 The package name impersonates the OpenMRS O3 forms ecosystem legitimate packages are published under the @openmrs/ scope. package.json declares an...
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems. The game has shifted from breach to...
Agent Audit: A Security Analysis System for LLM Agent Applications
What should a developer inspect before deploying an LLM agent: the model, the tool code, the deployment configuration, or all three? In practice, many security failures in agent systems arise not from model weights alone, but from the surrounding software stack: tool functions that pass untrusted...
MAL-2025-191832 Malicious code in pycrackhash (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b3323afe460298d80a354497acdd641752c5fb6bce2dce3d7e7625d7a46f1d7c When using methods from the package, it downloads an obfuscated code from Github and puts it in multiple localisation. While it appears that this code is used ...
RAS-Eval: a Comprehensive Benchmark for Security Evaluation of LLM Agents in Real-World Environments
The rapid deployment of Large language model LLM agents in critical domains like healthcare and finance necessitates robust security frameworks. To address the absence of standardized evaluation benchmarks for these agents in dynamic environments, we introduce RAS-Eval, a comprehensive security...
The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in the lack of mechanisms for encoding or shielding output data. This allows attackers to execute arbitrary code.
The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing it through an...
CVE-2023-47315
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git Hub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens...
Test manage-findings update with new cors
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The...
MuteBond is susceptible to DOS
Lines of code Vulnerability details Proof of Concept Observe that if timeToTokens is called with locktime = 1 week, amount 52, it will return 0. function timeToTokensuint256 amount, uint256 locktime internal pure returns uint256 uint256 weektime = 1 weeks; uint256 maxlock = 52 weeks;...
Transfer of assets should come before deleting and burning the collateral id
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Clldata id is burnt and deleted before transfer Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept...
Some of user funds stuck in contract because of division rounding error in beforeWithdraw()
Lines of code Vulnerability details Impact Function beforeWithdraw has been used in withdraw of Vault contract to calculates withdraw amount of users but because of division rounding error in this funds some user's funds would stuck in contract. Proof of Concept This is beforeWithdraw code:...
CHECK VALID ADDRESS for _auctionStarted
Lines of code%20internal%20virtual%20%7BL214 Vulnerability details Impact Should check for valid address before giving so it can revert if it isn't. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the...
Review your security vulnerabilities in GitHub with code scanning alerts
Today, for GitHub repositories, our SAST analysis provides fast, precise security feedback directly inside your pull requests. You instantly know how many vulnerabilities are detected and, until now, you would systematically go to SonarCloud to start investigating. Not anymore. From this point...
iOS Kernel - AppleOscarCompass Use-After-Free
iOS Kernel - AppleOscarCompass Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=606 Panic log attached OS X advisory: https://support.apple.com/en-us/HT205731 iOS advisory: https://support.apple.com/en-us/HT205732 Proof of Concept:...