3391 matches found

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 4 views

Malicious code in react-chtr-object-methods (npm)

The package react-chtr-object-methods was found to contain malicious code...

AI score: 7
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 2 views

MAL-2025-16004 Malicious code in bot-methods (npm)

The package bot-methods was found to contain malicious code...

AI score: 7.2
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 4 views

MAL-2025-31773 Malicious code in react-chtr-object-methods (npm)

The package react-chtr-object-methods was found to contain malicious code...

AI score: 7.2
Exploits: 0

HackRead
added 2025/08/13 10:17 a.m. | 7 views

Tips for Transcribing Video with Technical Jargon

When it comes to transcribing videos, technical jargon can pose several challenges. However, with the right approach, you...

AI score: 7.3
Exploits: 0

Snyk
added 2025/08/12 6:07 p.m. | 3 views

Prototype Pollution

Overview: content-security-policy-parser parses Content Security Policy directives. Affected versions of this package are vulnerable to Prototype Pollution via the parse function. An attacker can manipulate the Object prototype by supplying a crafted policy name in HTTP queries, potentially...

CVSS: 9.1 | AI score: 8.1 | EPSS: 0.00395
Exploits: 0 | References: 2

OSV
added 2025/08/12 6:07 p.m. | 2 views

GHSA-W2CQ-G8G3-GM83 content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE

Impact: A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if you provide a policy name called __proto__ you can override the Object prototype. For example: const parse = require('content-security-policy-parser'); const x = parse("default-src 'self'; __proto__ foobar");...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00395
Exploits: 0 | References: 5

OSV
added 2025/08/11 3:33 p.m. | 2 views

BIT-LIBPYTHON-2025-8194 Tarfile infinite loop during parsing with negative member offset

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00586
Exploits: 0 | References: 20

OSV
added 2025/08/11 1:52 p.m. | 6 views

BIT-LIBPYTHON-2024-12718 Bypass extraction filter to modify file metadata outside extraction directory

Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

CVSS: 5.3 | AI score: 8 | EPSS: 0.00607
Exploits: 1 | References: 14

Cvelist
added 2025/08/08 4:17 p.m. | 9 views

CVE-2025-46414 EG4 Electronics EG4 Inverters Improper Restriction of Excessive Authentication Attempts

The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if they possess a valid device serial number. The API provides clear feedback when the correct PIN i...

CVSS: 9.2 | EPSS: 0.00327
Exploits: 0 | References: 2

BDU FSTEC
added 2025/08/08 12:00 a.m. | 6 views

The vulnerability of the user blocking mechanism of the Vault Enterprise and Vault Community Edition corporate information archiving platforms allows attackers to circumvent existing security restrictions.

The vulnerability of the user blocking mechanism in the Vault Enterprise and Vault Community Edition corporate information archiving platforms is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability allows a malicious actor to circumvent existing security...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00381
Exploits: 0 | References: 3 | Affected Software: 3

CNNVD
added 2025/08/07 12:00 a.m. | 2 views

Flexibits Fantastical Security Vulnerability

Flexibits Fantastical is a cross-platform calendar and task manager from Flexibits, Inc. A security vulnerability exists in Flexibits Fantastical that stems from the XPC service not implementing proper client-side authorization checks, which could result in a local, unprivileged process accessing...

CVSS: 6.9 | AI score: 6.7 | EPSS: 0.00365
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/07 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-50078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00525
Exploits: 0 | References: 2

VulnCheck KEV
added 2025/08/06 12:00 a.m. | 5 views

VulnCheck KEV: CVE-2024-51978

An unauthenticated attacker who knows the target device's serial number can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.7656
In wild | Exploits: 0 | References: 2

Vulnrichment
added 2025/08/01 5:56 p.m. | 3 views

CVE-2025-6004 Vault Userpass and LDAP User Lockout Bypass

Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00381
Exploits: 0 | References: 1

Positive Technologies
added 2025/08/01 12:00 a.m. | 3 views

PT-2025-31678

Name of the Vulnerable Software and Affected Versions: Vault versions prior to 1.20.1; Vault Enterprise versions prior to 1.20.1, 1.19.7, 1.18.12, and 1.16.23. Description: The user lockout feature in Vault and Vault Enterprise could be bypassed for Userpass and LDAP authentication methods...

CVSS: 9.1 | AI score: 6.6 | EPSS: 0.00873
Exploits: 0 | References: 35

Malwarebytes
added 2025/07/30 9:06 p.m. | 8 views

VPN use rises following Online Safety Act’s age verification controls

As the UK's Online Safety Act came into effect on Friday—along with its age verification controls—the use of virtual private network (VPN) services has skyrocketed by up to 20-fold across the region. Top10VPN, which monitors VPN traffic around the world, spotted UK VPN traffic spiking 1,327% on Jul...

AI score: 6.8
Exploits: 0

Packet Storm News
added 2025/07/30 12:00 a.m. | 2 views

DoS Attacks and Defense Technologies in Blockchain Systems: a Hierarchical Analysis

Blockchain technology is widely used in various fields due to its ability to provide decentralization and trustless security. This is a fundamental understanding held by many advocates, but it is misunderstood, leading participants to fail to recognize the limitations of the security that...

AI score: 7
Exploits: 0

RedhatCVE
added 2025/07/28 4:32 a.m. | 9 views

CVE-2025-54412

A flaw was found in skops. An inconsistency in OperatorFuncNode can hide the execution of untrusted operator methods when a specially crafted model file is loaded. This issue allows arbitrary code execution at load time...

CVSS: 8.7 | AI score: 6.9 | EPSS: 0.00137
Exploits: 0 | References: 2

Packet Storm News
added 2025/07/28 12:00 a.m. | 2 views

Enhancing Jailbreak Attacks on LLMs Via Persona Prompts

Jailbreak attacks aim to exploit large language models (LLMs) by inducing them to generate harmful content, thereby revealing their vulnerabilities. Understanding and addressing these attacks is crucial for advancing the field of LLM safety. Previous jailbreak approaches have mainly focused on dire...

AI score: 7.6
Exploits: 0

Gitee
added 2025/07/27 3:52 a.m. | 146 views

Exploit for CVE-2017-3143

Awesome Vulnerability Research 🦄: A curated list of the awesome resources about the Vulnerability Research. First things first: There are no exploits in this project. Vulnerabilities != Exploits. A Vulnerability resides in the software itself, doing nothing on its own. If you are really curious abou...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.57472
Exploits: 1