40 matches found
GHSA-5PRR-V3J2-97MH vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, kube-logging-operator, pact-broker-docker, logstash, ruby3.3-rails, ruby3.2-rails, logstash-fips, ruby4.0-rails, pact-broker-docker-fips...
GHSA-8678-W3JW-XFC2 vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, kube-logging-operator, pact-broker-docker, logstash, ruby3.3-rails, ruby3.2-rails, logstash-fips, ruby4.0-rails, pact-broker-docker-fips...
GHSA-P67V-3W7G-WJG7 vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, kube-logging-operator, pact-broker-docker, logstash, ruby3.3-rails, ruby3.2-rails, logstash-fips, ruby4.0-rails, pact-broker-docker-fips...
GHSA-WFPW-MMFH-QQ69 vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, kube-logging-operator, pact-broker-docker, logstash, ruby3.3-rails, ruby3.2-rails, logstash-fips, ruby4.0-rails, pact-broker-docker-fips...
GHSA-WJV4-X9W8-WM3H vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, kube-logging-operator, pact-broker-docker, logstash, ruby3.3-rails, ruby3.2-rails, logstash-fips, ruby4.0-rails, pact-broker-docker-fips...
GHSA-PHWJ-RPRQ-35PP vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, kube-logging-operator, pact-broker-docker, logstash, ruby3.3-rails, ruby3.2-rails, logstash-fips, ruby4.0-rails, pact-broker-docker-fips...
GHSA-9CV2-CFXC-V4V2 vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, kube-logging-operator, pact-broker-docker, logstash, ruby3.3-rails, ruby3.2-rails, logstash-fips, ruby4.0-rails, pact-broker-docker-fips...
GHSA-5V8H-3H3Q-446P vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, kube-logging-operator, pact-broker-docker, logstash, ruby3.3-rails, ruby3.2-rails, logstash-fips, ruby4.0-rails, pact-broker-docker-fips...
MAL-2026-5226 Malicious code in autotel-pact (npm)
Source: ghsa-malware (4037ca9204d792112d198342524b35664de796ff675a0dbbee14a33874b30d57). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in autotel-pact (npm)
Source: ghsa-malware (4037ca9204d792112d198342524b35664de796ff675a0dbbee14a33874b30d57). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...
au.com.dius.pact.consumer:groovy (=4.7.0-beta.1), au.com.dius.pact.consumer:junit (=4.7.0-beta.1) +1556 more potentially affected by CVE-2025-48734 via commons-beanutils:commons-beanutils (>=1.0 <=1.10.1)
commons-beanutils:commons-beanutils MAVEN version =1.0, =1.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on commons-beanutils:commons-beanutils and may be impacted: - au.com.dius.pact.consumer:groovy =4.7.0-beta.1 - au.com.dius.pact.consumer:junit...
ai.intelliswarm:swarmai-core (>=1.0.24 <=1.0.28), ai.intelliswarm:swarmai-distributed (>=1.0.24 <=1.0.28) +2736 more potentially affected by CVE-2025-27820 via org.apache.httpcomponents.client5:httpclient5 (>=5.4-alpha1 <=5.4.2)
org.apache.httpcomponents.client5:httpclient5 MAVEN version =5.4-alpha1, =1.0.24, =1.0.24, =1.0.24, =1.0.24, =1.0.24, =1.0.27, =1.0.24, =1.0.24, =0.0.1, =0.0.1, =0.0.4, =0.0.4, =0.0.26, =0.0.1, =0.0.2 and more Source cves: CVE-2025-27820 Source advisory: OSV:GHSA-73M2-QFQ3-56CX...
A week in security (April 7 – April 13)
Last week on Malwarebytes Labs: The Pall Mall Pact and why it matters Child predators are lurking on dating apps, warns report Your 23andMe genetic data could be bought by China, senator warns WhatsApp for Windows vulnerable to attacks. Update now! Man accused of using keylogger to spy on...
The Pall Mall Pact and why it matters
The US State Department reportedly plans to sign an international agreement designed to govern the use of commercial spyware known as the Pall Mall Pact. The Pall Mall Pact, formally known as the Pall Mall Process, was initiated by France and the United Kingdom in February 2024. The goal of the...
ai.optfor:spring-openai-api (>=0.1.3 <=0.3.25), ai.timefold.solver:timefold-solver-spring-boot-autoconfigure (>=1.0.0 <=1.4.0) +7541 more potentially affected by CVE-2024-38820 via org.springframework:spring-context (>=6.0.0 <=6.0.23)
org.springframework:spring-context MAVEN version =6.0.0, =0.1.3, =1.0.0, =1.0.0, =0.1.6, =0.0.2, =0.0.6, =0.0.6, =1.3.0, =4.6.18, =4.0.0, =1.0.0, =2.1.0.RELEASE, =2.1.2.RELEASE and more Source cves: CVE-2024-38820 Source advisory: OSV:GHSA-4GC7-5J7H-4QPH...
ar.com.jmfsg:api-doc (>=0.0.20 <=0.0.34), au.com.dius.pact:au.com.dius.pact.gradle.plugin (>=2.1.1 <=2.1.12) +2259 more potentially affected by CVE-2024-47855 via net.sf.json-lib:json-lib (>=0.7.1 <=2.4)
net.sf.json-lib:json-lib MAVEN version =0.7.1, =0.0.20, =2.1.1, =2.4.2, =2.4.2, =3.5.4-rc.1, =2.4.2, =2.4.2, =3.5.4-rc.1, =2.4.2, =2.4.2, =3.5.4-rc.1, =2.4.2, =2.4.2, =3.5.4-rc.1, =2.4.2, =2.4.20 and more Source cves: CVE-2024-47855 Source advisory: OSV:GHSA-WWCP-26WC-3FXM...
androidx.room:room-compiler-processing-testing (>=2.3.0 <=2.4.0-alpha04), au.com.dius.pact.provider:gradle (>=4.1.21 <=4.3.0-beta.6) +2879 more potentially affected by CVE-2021-47621 via io.github.classgraph:classgraph (>=4.0.3 <=4.8.110)
io.github.classgraph:classgraph MAVEN version =4.0.3, =2.3.0, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =1.2.5.RELEASE, =1.2.5.RELEASE, =1.3.5.RELEASE, =1.3.7.RELEASE and more Source cves: CVE-2021-47621 Source advisory:...
Fedora: Security Advisory for golang-github-pact-foundation (FEDORA-2022-37aef44d1e)
The remote host is missing an update for the...