MAL-2025-2551 Malicious code in github.com/vainreboot/layout (Go)
Source: google-open-source-security (cd535431a1bde903495e71799081c385016d84659ac004c1c57c0d81e311ee59). Malicious typosquatting Go packages targeting Linux and macOS systems, used as a loader to download and run another malicious payload...
Malicious code in github.com/utilizedsun/layout (Go)
Source: google-open-source-security (c1511f2ec5bec408a1a2febf7d6a7bc0db05b5af4870679ef43223ecff5f000d). Malicious typosquatting Go packages targeting Linux and macOS systems, used as a loader to download and run another malicious payload...
GO-2025-3485 DoS in go-jose Parsing in github.com/go-jose/go-jose
DoS in go-jose Parsing in github.com/go-jose/go-jose...
CVE-2025-1035
| creationtimestamp | type | source |
|---|---|---|
| 2025-02-18 12:15:54+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lihah4hqyk2n |
| 2025-02-18 13:56:46+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lihg3hftzo2p |
| 2025-02-18 15:08:36+00:00 | seen | ... |
GHSA-F7XF-F3WQ-RVR9
| creationtimestamp | type | source |
|---|---|---|
| 2025-02-11 10:49:39+00:00 | seen | https://github.com/advisories/GHSA-f7xf-f3wq-rvr9 |

...
CVE-2022-3274
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.7...
CVE-2022-1993
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9...
CVE-2024-1482
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access...
GHSA-93WW-43RR-79V3
| creationtimestamp | type | source |
|---|---|---|
| 2025-01-30 18:12:32+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/3504 |
| 2025-06-16 20:20:39+00:00 | seen | https://gist.github.com/safer-bot/8eded6b925c160dc08c1b28d51d6c0c3 |
| 2025-06-17 01:00:32+00:00 | seen | ... |
GO-2025-3398 matrix-media-repo (MMR) allows a denial of service through memory exhaustion in github.com/t2bot/matrix-media-repo
matrix-media-repo (MMR) allows a denial of service through memory exhaustion in github.com/t2bot/matrix-media-repo...
DependencyCheck
Repository Moved The...
GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
...
Exploit for Path Traversal in Ghost
CVE-2023-4002 Ghost-Arbitrary-File-Read : The username/email...
GO-2024-3349 OpenShift Must Gather Operator Improper Input Validation vulnerability in github.com/openshift/must-gather
OpenShift Must Gather Operator Improper Input Validation vulnerability in github.com/openshift/must-gather. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
CVE-2024-12356
| creationtimestamp | type | source |
|---|---|---|
| 2024-12-17 04:32:23+00:00 | seen | https://infosec.exchange/users/cve/statuses/113666290051812274 |
| 2024-12-17 06:44:55+00:00 | seen | https://t.me/cvedetector/13067 |
| 2024-12-17 06:47:32+00:00 | seen | ... |
Our secret ingredient for reverse engineering
Nowadays, a lot of cybersecurity professionals use IDA Pro as their primary tool for reverse engineering. While IDA is a complex tool that implements a multitude of features useful for dissecting binaries, many reverse engineers use various plugins to add further functionality to this software. W...
GO-2024-3308 Kolide Agent Privilege Escalation (Windows, Versions >= 1.5.3, < 1.12.3) in github.com/kolide/launcher
Kolide Agent Privilege Escalation (Windows, Versions >= 1.5.3, < 1.12.3) in github.com/kolide/launcher...
GO-2024-3292 CRI-O: Maliciously structured checkpoint file can gain arbitrary node access in github.com/cri-o/cri-o
CRI-O: Maliciously structured checkpoint file can gain arbitrary node access in github.com/cri-o/cri-o...
GO-2024-3302 ICMP Packet Too Large Injection Attack on Linux in github.com/quic-go/quic-go
ICMP Packet Too Large Injection Attack on Linux in github.com/quic-go/quic-go...
CVE-2024-54132
The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from ...