1235 matches found
MAL-2025-55037 Malicious code in hackerone-internal-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f16e6417e8eaebc0aa37552f263af3e1445a1a3cb50245074d579c9b818a73e6 The package hackerone-internal-test was found to contain malicious code. Source: ossf-package-analysis...
curl: HackerOne
HackerOne Impact HackerOne...
CrowdStrike Falcon Sensor 7.16.x < 7.16.18637 / 7.24.19608 / 7.25.19706 / 7.26.19809 / 7.26.19811 / 7.27.19907 / 7.28.20006 Multiple Vulnerabilities
The version of CrowdStrike Falcon Sensor installed on the remote host is prior to 7.16.18637, 7.24.19608, 7.25.19707, 7.26.19813, 7.27.19909, or 7.28.20008. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory. - A race condition exists in the Falcon sensor...
CVE-2025-42706
A logic error exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility LTV...
CVE-2025-42701
A race condition exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility...
EUVD-2025-33293
A race condition exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility...
CVE-2025-42701 CrowdStrike Falcon Sensor for Windows Race Condition
A race condition exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility...
CVE-2025-42701
CVE-2025-42701 (CrowdStrike Falcon Sensor for Windows) describes a local race condition that could let an attacker, who already has code execution on a host, delete arbitrary files. A fix exists in Falcon Sensor for Windows version 7.24 and above and in all LTV sensors; Falcon sensors on Mac, Lin...
CVE-2025-42706 CrowdStrike Falcon Sensor for Windows Logic Error
A logic error exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility LTV...
PT-2025-41294
Name of the Vulnerable Software and Affected Versions CrowdStrike Falcon sensor for Windows versions prior to 7.24 CrowdStrike Falcon sensor for Windows Long Term Visibility LTV sensors prior to 7.24 Description A race condition exists in the Falcon sensor for Windows that could allow an attacker...
PT-2025-40539
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.120 Description An issue existed where Claude Code did not properly handle symlinks when enforcing permission deny rules. Specifically, if a user blocked Claude Code’s access to a file, but Claude Code had...
Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives
October marks Cybersecurity Awareness Month, a time when the developer community reflect on the importance of security in the evolving digital landscape. At GitHub, we understand that protecting the global software ecosystem relies on the commitment, skill, and ingenuity of the security research...
Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions
When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...
Malicious code in hackerone-app-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7989720a786925f09101ea3e9ebce9bf8190a57a6401b6e46125a75ad160bc66 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-48892 Malicious code in hackerone-app-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7989720a786925f09101ea3e9ebce9bf8190a57a6401b6e46125a75ad160bc66 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
PT-2025-37106
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.11 through 18.3.2 Description An issue has been discovered in GitLab CE/EE that allows authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences. The vulnerabili...
Scanners-Box
This is a collection of open-source scanners from the GitHub platform, including subdomain enumeration, database vulnerability scanners, weak password or information leak scanners, port scanners, fingerprint scanners, and other large-scale scanners. The collection is maintained by We5ter and...
Google Sign-In for Rails allowed redirect to protocol-relative URI
Summary It is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Details The googlesignin gem persists an optional URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly...
GHSA-X5GV-JW7F-J6XJ Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
Due to an overly broad allowlist of safe commands, it was possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation. Reliably exploiting this requires the ability to add untrusted content into a Claude Code contex...
CVE-2025-8573 Concrete CMS 9 through 9.4.2 is vulnerable to Stored XSS from Home Folder on Members Dashboard page
Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this...