68 matches found
EUVD-2000-0260
Malware in sbrugna...
EUVD-2018-12901
Malware in sbrugna...
EUVD-2014-7312
Malware in sbrugna...
EUVD-2000-0261
Malware in sbrugna...
EUVD-2024-45447
Malicious code in bioql PyPI...
ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +124 more potentially affected by unknown CVE via ray (>=2.0.0 <=2.41.0)
ray PYPI version =2.0.0, =0.0.1b1, =0.2.5, =0.2.2, =1.1.1, =0.5.3b20221011, =0.1.1b20230324, =0.4.2 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-RAY-9055245...
A Bootiful Podcast: engineer, CTO, teacher, and pilot Ken Sipe
Hi, Spring fans, JVM enjoyers, and cloud natives! Have I got a treat for you today! We're going to be talking to my longtime pal Ken Sipe. groovy java kotlin go rust spring jvm...
CVE-2024-51612
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in designerken Reftagger Shortcode reftagger-shortcode allows Stored XSS. This issue affects Reftagger Shortcode: from n/a through = 1.1...
CVE-2024-51612
CVE-2024-51612 : Stored XSS in WordPress plugin “Reftagger Shortcode” (versions n/a–1.1) due to improper input neutralization during web page generation. Public docs confirm this vulnerability affects the Reftagger Shortcode plugin up to v1.1; exploitation details are not provided, and no patch/v...
CVE-2024-45346
CVE-2024-45346 affects Xiaomi GetApps. Connected sources indicate a code execution vulnerability in GetApps, linked to bypassing authentication logic. The CVSS-style metrics in the initial document show high impact (C, I, A = High) with network attack vector and user interaction required. Public ...
Cisco / Dell / Netgear Information Disclosure / Hash Decrypter
Exploit Title: Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure DSA-2020-042: Dell Networking Security Update for an Information Disclosure Vulnerability | Dell US...
@abstraktor/actordemo (>=0.0.0-ad-beta.1 <=0.0.0-ad-beta.2), @abstraktor/actorjs (>=0.0.0-aj-beta.3 <=0.0.0-aj-beta.6) +59 more potentially affected by CVE-2022-24066 +1 more via simple-git (>=3.0.3 <=3.14.1)
simple-git NPM version =3.0.3, =0.0.0-ad-beta.1, =0.0.0-aj-beta.3, =2.0.0, =1.0.1-beta.0, =1.0.3, =1.0.1, =0.1.1, =3.0.5, =1.1.3, =1.4.0-beta.3 - @logol/dc-cli =1.2.0 and more Source cves: CVE-2022-24066, CVE-2022-25912 Source advisory: SNYK:JS-SIMPLEGIT-3112221...
Out-of-bounds Read in mrb_obj_is_kind_of in
Out-of-bounds Read in mrb_obj_is_kind_of in mruby/mruby Affected commit 791635a8d1ad9aad98aae0a36a91e092e4d71944 Proof of Concept ruby= Math.initialize do $4 prepend dup 4.instanceexec|| super end Below is the output from mruby ASAN build: bash= AddressSanitizer:DEADLYSIGNAL...
UBUNTU-CVE-2022-26498
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2...
Out-of-bounds Read in mrb_get_args
Out-of-bounds Read in mrb_get_args in mruby/mruby Affected commit 3cf291f72224715942beaf8553e42ba8891ab3c6 Proof of Concept ruby= 0..% = 0,0,0,0,0,0,0,0,0,0,0,0,0, = 0 Below is the output from mruby ASAN build: bash= AddressSanitizer:DEADLYSIGNAL...
Senate Committee passes new antitrust bill aimed at Big Tech companies
The American Innovation and Choice Online Act (AICOA), a bill that forbids Big Tech platforms like Apple, Alphabet (Google’s parent company), and Amazon from generally behaving in an anti-competitive manner, was approved by the Senate Judiciary Committee late last week with a 16-6 vote. US Senator Am...
Injecting a Backdoor into SolarWinds Orion
CrowdStrike is reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process: Key Points SUNSPOT is StellarParticles malware used to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product. SUNSPOT monitors...
ken-so.jp Cross Site Scripting vulnerability OBB-1449350
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
ken-den.com Cross Site Scripting vulnerability OBB-1414169
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
ken-network.co.jp Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1163671 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...