Poking around in the Dark: Why a Shared Understanding of Components Matters

By listing the components included in an application, Software Bills of Materials SBOMs are intended to support the timely identification of vulnerable components and ensure the security of the software supply chain. However, we question the underlying assumption that there is agreement on the...

MAL-2026-3034 Malicious code in ort-moe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b07b0d9d87f411b1c481f50084190fdde34edfeb1c9b10368a23abba0ccbcbdc During import, package collects basic information about the system, performs deep fingerprinting, and reports the data to the remote target. The package...

Malicious code in ort-moe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b07b0d9d87f411b1c481f50084190fdde34edfeb1c9b10368a23abba0ccbcbdc During import, package collects basic information about the system, performs deep fingerprinting, and reports the data to the remote target. The package...

MAL-2025-41590 Malicious code in ort-whisper (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in ort-whisper (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in ort-type-test-module-resolution (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in ort-rn-basic-usage (npm)

The package ort-rn-basic-usage was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

MAL-2025-28498 Malicious code in ort-rn-basic-usage (npm)

The package ort-rn-basic-usage was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

LLM Unlearning Should Be Form-Independent

Large Language Model LLM unlearning aims to erase or suppress undesirable knowledge within the model, offering promise for controlling harmful or private information to prevent misuse. However, recent studies highlight its limited efficacy in real-world scenarios, hindering practical adoption. In...

Malicious code in ort-web-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3e179ffca16c7ee28162f57656f14612c34005f447e5f557edc742a4dd9120e6 The OpenSSF Package Analysis project identified 'ort-web-template' @ 100.100.1337 npm as malicious. It is considered malicious because: - The...

MAL-2025-4044 Malicious code in ort-web-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3e179ffca16c7ee28162f57656f14612c34005f447e5f557edc742a4dd9120e6 The OpenSSF Package Analysis project identified 'ort-web-template' @ 100.100.1337 npm as malicious. It is considered malicious because: - The...

ort-paca.com Cross Site Scripting vulnerability OBB-3948682

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Incorrect Permission Assignment for Critical Resource

When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are...

Cache Manipulation Attack in Apache Traffic Control

When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are...

GHSA-PW59-4QGF-JXR8 Cache Manipulation Attack in Apache Traffic Control

When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are...

CVE-2020-17522

When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are...

CVE-2020-17522

When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are...

Code injection

When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are...

CVE-2020-17522

When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are...

Incorrect Permission Assignment for Critical Resource

When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control to to, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are potentially extended to IP...