7 matches found
PT-2026-1548
Name of the Vulnerable Software and Affected Versions: carboneio carbone versions prior to 3.5.6. Description: A weakness exists in carboneio carbone up to version fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. The issue resides in the Formatter Handler component, specifically within the file lib/input.j...
is-localhost-ip 2.0.0 Restriction Bypass
is-localhost-ip version 2.0.0 suffers from a restriction bypass vulnerability. Title: is-localhost-ip 2.0.0 Restriction Bypass. Author: indoushka ...
CVE-2025-54134 HAX CMS NodeJs's Improper Error Handling Leads to Denial of Service
HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles...
HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service
Summary: The HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles endpoints. Details: This vulnerability exists because the application does not properly handle exceptions...
GHSA-PJJ3-J5J6-QJ27 HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service
Summary: The HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles endpoints. Details: This vulnerability exists because the application does not properly handle exceptions...
Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2
Executive Summary: Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This...
DVNA - Damn Vulnerable NodeJS Application
Damn Vulnerable NodeJS Application: DVNA is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities. The fixes branch will contain fixes for the vulnerabilities. Fixes for vulnerabilities: OWASP Top 10 2017 vulnerabilities at...