220 matches found
Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view...
Texas sued Netflix over claims it secretly collected and sold users’ data
Texas Attorney General (AG) Ken Paxton announced that he sued Netflix for spying on Texans, including children, and collecting users’ data without their knowledge or consent. The suit alleges Netflix secretly tracks and monetizes detailed viewing behavior of users, including children, while...
Lemur injection vulnerability
Lemur is an open-source TLS certificate management tool developed by Netflix, Inc. Versions of Lemur prior to 1.9.0 contained an injection vulnerability. This vulnerability stemmed from the LDAP authentication module using unsanitized user input to construct LDAP search filters, which could lead to...
This Week in Spring - April 28th, 2026
Hi Spring fans! Welcome to another installment of This Week in Spring! As I write this, I'm on PTO in beautiful Santorini, Greece, catching up on some news and about to cruise the islands for some sightseeing. There's nothing quite like springtime in the Mediterranean! I couldn't dream of enjoyin...
com.netflix.ndbench:ndbench-cli (>=0.3.12 <=0.7.4), com.netflix.ndbench:ndbench-geode-plugins (>=0.3.5 <=0.7.4) +35 more potentially affected by CVE-2026-2818 via org.springframework.data:spring-data-geode (>=1.0.0.INCUBATING-RELEASE <=2.7.5)
org.springframework.data:spring-data-geode MAVEN version =1.0.0.INCUBATING-RELEASE, =0.3.12, =0.3.5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =3.0.0, =3.2.1...
com.netflix.ndbench:ndbench-cli (>=0.3.12 <=0.7.4), com.netflix.ndbench:ndbench-geode-plugins (>=0.3.5 <=0.7.4) +35 more potentially affected by CVE-2026-2817 via org.springframework.data:spring-data-geode (>=1.0.0.INCUBATING-RELEASE <=2.7.5)
org.springframework.data:spring-data-geode MAVEN version =1.0.0.INCUBATING-RELEASE, =0.3.12, =0.3.5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =3.0.0, =3.2.1...
149M Logins from Roblox, TikTok, Netflix, Crypto Wallets Found Online
Another day, another trove of login credentials in plain text found online...
CVE-2021-28099
In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated...
CVE-2021-22113
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...
PT-2025-49399
🚨 How a Grand Finalist Hacked NASA and Netflix: CVE-2023-44957 & CVE-2024-38945 Secrets https://t.co/Vi1BIVREL8 Educational Purposes!...
PT-2025-49398
🚨 How a Grand Finalist Hacked NASA and Netflix: CVE-2023-44957 & CVE-2024-38945 Secrets https://t.co/Vi1BIVREL8 Educational Purposes!...
Malicious code in netflix-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 711ffa8c0ce9379a63de3ef137c0bf569750b0d78159c94ec77e3e25b5354050 The OpenSSF Package Analysis project identified 'netflix-test' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-138578 Malicious code in netflix-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 711ffa8c0ce9379a63de3ef137c0bf569750b0d78159c94ec77e3e25b5354050 The OpenSSF Package Analysis project identified 'netflix-test' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Friday Squid Blogging: Squid Game: The Challenge, Season Two
The second season of the Netflix reality competition show Squid Game: The Challenge has dropped. Too many links to pick a few--search for it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
EUVD-2020-30122
Malware in sbrugna...
EUVD-2021-1208
Malware in sbrugna...
EUVD-2021-0635
Malware in sbrugna...
EUVD-2024-1380
Malicious code in bioql PyPI...
EUVD-2023-0124
Malicious code in bioql PyPI...
EUVD-2022-1227
Malicious code in bioql PyPI...