52 matches found

The Hacker News
added 2026/05/12 2:47 p.m., 5 views

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack." "We're dealing with a major malicious attack on RubyGems right now," Maciej Mensfeld, senior product manager for...

AI score 5.8
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-10357

Malware in sbrugna...

CVSS 7.4 | AI score 6.9 | EPSS 0.00145
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-25372

Malware in sbrugna...

CVSS 8.1 | AI score 8.1 | EPSS 0.00134
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-29579

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.0041
Exploits: 0 | References: 6
EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2023-41408

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.7 | EPSS 0.00219
Exploits: 0 | References: 1
CNVD
added 2025/06/13 12:0 a.m., 2 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-15662)

Adobe Experience Manager is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 | AI score 6.5 | EPSS 0.00172
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 10:1 p.m., 5 views

CVE-2022-26629

An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker to bypass the lock screen function...

CVSS 9.1 | AI score 6.8 | EPSS 0.30495
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/22 9:16 p.m., 3 views

CVE-2021-1285

Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of error conditions when processing...

CVSS 7.4 | AI score 7 | EPSS 0.01665
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 3:39 p.m., 3 views

CVE-2020-4125

Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to confidential information...

CVSS 8.1 | AI score 6.8 | EPSS 0.00134
Exploits: 0
RedhatCVE
added 2025/05/22 3:19 a.m., 6 views

CVE-2018-20816

An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with scri...

CVSS 6.1 | AI score 6 | EPSS 0.00148
Exploits: 0 | References: 1
CNVD
added 2025/05/19 12:0 a.m., 1 view

SAP Supplier Relationship Management Cross-Site Scripting Vulnerability

SAP Supplier Relationship Management Master Data Management Catalog is a system for managing supplier relationships that provides master data management functionality. A cross-site scripting vulnerability exists in SAP Supplier Relationship Management Master Data Management Catalog that allows an...

CVSS 6.1 | AI score 6.2 | EPSS 0.00442
Exploits: 0 | References: 1
CNVD
added 2025/02/24 12:0 a.m., 4 views

Cisco Secure Email Gateway Access Control Error Vulnerability

Cisco Secure Email Gateway is a secure email gateway software from the American company Cisco. An access control error vulnerability exists in Cisco Secure Email Gateway, which can be exploited by a remote attacker to submit a special email that can bypass the rules and conduct a malicious...

CVSS 5.8 | AI score 7.1 | EPSS 0.00133
Exploits: 0 | References: 1
Cvelist
added 2024/09/19 11:34 p.m., 17 views

CVE-2024-45808 Malicious log injection via access logs in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the REQUESTED_SERVER_NAME field for access logger...

CVSS 6.5 | EPSS 0.00056
Exploits: 0 | References: 1
NVD
added 2024/01/16 4:15 p.m., 8 views

CVE-2023-37521

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack...

CVSS 5.3 | AI score 4.2 | EPSS 0.00219
Exploits: 0 | References: 1
Prion
added 2024/01/16 4:15 p.m., 10 views

Information disclosure

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack...

CVSS 5 | AI score 7 | EPSS 0.00219
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/01/16 3:55 p.m., 47 views

CVE-2023-37521

CVE-2023-37521 affects HCL BigFix Bare OSD Metal Server WebUI versions 311.19 or lower. The issue is described as the inclusion of sensitive information in a query string, which could allow an attacker to execute a malicious attack. Documented impacts are information disclosure with potential abu...

CVSS 5.3 | AI score 5.3 | EPSS 0.00219
Exploits: 0 | References: 1 | Affected Software: 1
Hive Pro Threat Advisories
added 2023/02/09 12:23 p.m., 38 views

The SteelClover Group is Spreading Malware via Google Ads in Japan

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary SteelClover is a malicious attack group that has been active since 2019 and has been observed to conduct various attacks for financial gain. SteelClover recently saw a rise in malware downloading inciden...

AI score 2.7
Exploits: 0
Cvelist
added 2023/01/17 12:0 a.m., 12 views

CVE-2023-0158 Triggered crash on direct RRDP access

NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected, causes Krill to...

AI score 7.8 | EPSS 0.0041
Exploits: 0 | References: 1
Code423n4
added 2022/11/13 12:0 a.m., 7 views

Contract LooksRareAggregator Ownership renouncement may leave a deficient smart contract in operation and there is no way to fix it

Lines of code Vulnerability details Impact LooksRareAggregator can renounce ownership and the system can still operate with already set parameters. However, many important functions cannot be called any more in this situation such as setFee, addFunction rescureERC721, rescueETH, etc. This means...

AI score 6.9
Exploits: 0
Cvelist
added 2022/11/02 3:28 p.m., 21 views

CVE-2022-41716 Unsanitized NUL in environment variables on Windows in syscall and os/exec

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...

AI score 7.7 | EPSS 0.00013
Exploits: 0 | References: 4