4 matches found
MAL-2026-6766 Malicious code in @marketfront/baobabtech (npm)
The @marketfront/baobabtech package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
MAL-2026-6781 Malicious code in @marketfront/gotoauthpopup (npm)
The @marketfront/gotoauthpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
GHSA-6PH5-FWW6-VFWV NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length
Impact When NIOHTTPRequestDecompressor is configured with .ratioN, the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can...
Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management MOM software to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The...