26 matches found
MAL-2026-1278 Malicious code in chat-xdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e1f6d17089af4d8a0d8ab4b5ab9398a250b54d8d605c178080a7f275a6ab4687 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in telstra (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e6ff467569b104f23ebbdc6ef58dec14795aaf14548185bd3b31886ecd9b8003 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-191791 Malicious code in minemeld-core (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 dfe7b8c00b3748b3fe38ffdf3bd69558abb58091ee3347d47003929976ceb457 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-191733 Malicious code in fonafx (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9441463f029726ea263225e9b0092d82b049e2d7a4e059becd24f5e23c70a906 Series of packages mostly with an obfuscated infostealer attempting to collect Chrome data. While discord webhook is usually set to an example, there are other...
CVE-2024-1646
parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized...
Spring Framework 6.2.0-M1: Overriding Beans in Tests
Spring Framework 6.2.0-M1 has been released, including changes that resolve more than one hundred issues. Among those are a range of new features in Spring's testing support. In this post, I’d like to walk you through one of these new testing features: Bean Overriding support. The previous state ...
Rayder - A Lightweight Tool For Orchestrating And Organizing Your Bug Hunting Recon / Pentesting Command-Line Workflows
Rayder is a command-line tool designed to simplify the orchestration and execution of workflows. It allows you to define a series of modules in a YAML file, each consisting of commands to be executed. Rayder helps you automate complex processes, making it easy to streamline repetitive modules and...
GHSA-F6GV-HH8J-Q8VQ Named path parameters can be overridden in TrieRouter
Impact The clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matche...
JBXBuybackDelegate swap pathway always reverts unless slippage is set to 100%
Lines of code Vulnerability details Impact The swap pathway will never work and it will revert due to a validation error unless the user specifies a slippage of 100%. This would be extremely harmful as it would let users be targeted by MEV bots. Proof of Concept This is the pathway to payParams:...
CVE-2021-41120
sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to predict. The problem is that the Credit card form has...
SUSE-SU-2021:3244-1 Security update for shibboleth-sp
This update for shibboleth-sp fixes the following issues: - Template generation allows external parameters to override placeholders bsc1184222...
Denial Of Service (DoS)
curl is vulnerable to denial of service. The SSL backend fails to secure the CURLOPTSSLCERT against current directory file overriding the keychain nickname specified, potentially resulting in the overriding the CURLOPTSSLCERT specified certificate and thus causing denial of service...
Important: Red Hat Security Advisory: firefox security and bug fix update
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
RHEL 8 : firefox (RHSA-2020:3559)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3559 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
RHEL 8 : firefox (RHSA-2020:3555)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3555 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
The vulnerability in the implementation of the grub_script_function_create() function of the Grub2 operating system allows a perpetrator to gain access to confidential data, affect the integrity of the data, and cause service failures.
The vulnerability of the grubscriptfunctioncreate function, which is part of the Grub2 operating system loader, stems from an error in function overriding. This function is already being executed. Exploiting this vulnerability could allow a perpetrator to access confidential data, compromise data...
Code injection
In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/overridecontentsecuritypolicydirectives, a semicolon could be injected leading to directive injection. This could be us...
Fedora 31 : php (2019-a54a622670)
PHP version 7.3.13 18 Dec 2019 Bcmath: - Fixed bug php78878 Buffer underflow in bcshiftaddsub. CVE-2019-11046. cmb Core: - Fixed bug php78862 link silently truncates after a null byte on Windows. CVE-2019-11044. cmb - Fixed bug php78863 DirectoryIterator class silently truncates after a null byte...
Wpbullet - A Static Code Analysis For WordPress (And PHP)
A static code analysis for WordPress Plugins/Themes and PHP Installation Simply clone the repository, install requirements and run the script $ git clone https://github.com/webarx-security/wpbullet wpbullet $ cd wpbullet $ pip install -r requirements.txt $ python wpbullet.py Usage Available...