
29 matches found

OSSF Malicious Packages
added 2026/06/12 2:32 p.m. · 7 views

Malicious code in sea-bound-siren (npm)

Source: amazon-inspector (cd5f2d5cc691968b1bb69f12ea7476c618f6432b42976869906df06312b912c0). On npm install, postinstall.js executes a shell pipeline that collects the output of id, os.hostname, the full process environment (env | sort), the...

5.4 AI score
Exploits: 0 · References: 24

Snyk
added 2026/06/05 4:3 p.m. · 5 views

Authorization Bypass Through User-Controlled Key

Overview: nocodb is a NocoDB. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the public shared-view endpoints, which exposed values from columns that were intended to be hidden. An attacker can access sensitive information by crafting reques...

6.9 CVSS · 5.3 AI score · 0.00089 EPSS
Exploits: 0 · References: 2

HackRead
added 2026/03/30 11:50 p.m. · 2 views

Kernel Observability for Data Movement

Kernel-level visibility reveals hidden data movement in breaches, exposing gaps in modern security tools and improving detection, compliance, and system behavior tracking...

5.9 AI score
Exploits: 0

EUVD
added 2025/10/16 5:11 p.m. · 3 views

EUVD-2025-34794

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

7.1 CVSS · 5.8 AI score · 0.00365 EPSS
Exploits: 0 · References: 2

OSV
added 2025/10/03 12:15 p.m. · 3 views

UBUNTU-CVE-2025-27236

A regular Zabbix user can search other users in their user group via the Zabbix API by selecting fields the user does not have access to view. This allows data-mining some field values the user does not have access to...

6.5 CVSS · 5.8 AI score · 0.00342 EPSS
Exploits: 0 · References: 3

RedHat Linux
added 2024/10/01 8:49 a.m. · 0 views

golang: archive/zip: Incorrect handling of certain ZIP files

A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next...

5.5 CVSS · 7.3 AI score · 0.00443 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2024/08/13 3:38 p.m. · 2 views

golang: archive/zip: Incorrect handling of certain ZIP files

A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next...

5.5 CVSS · 7.3 AI score · 0.00443 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2024/08/13 9:16 a.m. · 1 view

golang: archive/zip: Incorrect handling of certain ZIP files

A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next...

5.5 CVSS · 7.3 AI score · 0.00443 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2024/07/25 1:11 p.m. · 1 view

golang: archive/zip: Incorrect handling of certain ZIP files

A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next...

5.5 CVSS · 7.3 AI score · 0.00443 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2024/07/02 3:43 p.m. · 0 views

golang: archive/zip: Incorrect handling of certain ZIP files

A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next...

5.5 CVSS · 7.3 AI score · 0.00443 EPSS
Exploits: 0 · References: 4

CNNVD
added 2024/06/06 12:0 a.m. · 1 view

WordPress plugin Restrict for Elementor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

5.3 CVSS · 6.8 AI score · 0.00452 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2024/06/05 12:0 a.m. · 3 views

PT-2024-15914 · WordPress · Elementor

Name of the Vulnerable Software and Affected Versions: Restrict for Elementor plugin for WordPress versions 1.0.0 through 1.0.6. Description: The issue concerns Sensitive Information Exposure due to improper restrictions on hidden data, making it accessible through the REST API. This allows...

5.3 CVSS · 7 AI score · 0.00452 EPSS
Exploits: 0 · References: 9

hivepro
added 2024/01/08 6:50 a.m. · 21 views

Decoding UAC-0050’s Cyber Espionage Playbook

Summary: UAC-0050, a threat actor focused on Ukraine, is using new tactics to spread the Remcos RAT. In their latest move, UAC-0050 shows advanced adaptability by cleverly avoiding detection through a hidden data transfer method and outsmarting EDR systems. Threat Level - Amber | Attack Report Fo...

7.2 AI score
Exploits: 0

Positive Technologies
added 2023/03/27 12:0 a.m. · 3 views

PT-2023-17127 · Openstack +3 · Openstack Heat +3

Name of the Vulnerable Software and Affected Versions: OpenStack heat (affected versions not specified). Description: An information leak was discovered in OpenStack heat, allowing a remote, authenticated attacker to use the 'stack show' command to reveal parameters that are supposed to remain hidde...

7.5 CVSS · 6.4 AI score · 0.0142 EPSS
Exploits: 2 · References: 34

SUSE CVE
added 2023/02/15 4:53 a.m. · 6 views

SUSE CVE-2016-1000342

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...

7.5 CVSS · 8 AI score · 0.01782 EPSS
Exploits: 0 · References: 4

CNNVD
added 2021/10/12 12:0 a.m. · 9 views

Data forgery vulnerability in multiple Foxit products

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A data forgery vulnerability exists in the Foxit PDF Reader product that stems from a lack of proper validation of hidden and incremental data in digitally signed PDF files. A remote attacker can exploit this vulnerability to display...

5.5 CVSS · 5.8 AI score · 0.00181 EPSS
Exploits: 0 · References: 3

OSV
added 2021/02/15 7:15 p.m. · 10 views

CVE-2021-27211

steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data...

7.5 CVSS · 7.4 AI score
Exploits: 0 · References: 4

NVD
added 2021/02/15 7:15 p.m. · 16 views

CVE-2021-27211

steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data...

7.5 CVSS · 0.03226 EPSS
Exploits: 0 · References: 4

OSV
added 2021/02/15 7:15 p.m. · 2 views

DEBIAN-CVE-2021-27211

steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data...

7.5 CVSS · 7.3 AI score · 0.03226 EPSS
Exploits: 0 · References: 1

UbuntuCve
added 2021/02/15 7:15 p.m. · 25 views

CVE-2021-27211

steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data...

7.5 CVSS · 7.1 AI score · 0.03226 EPSS
Exploits: 0 · References: 4