Lucene search
K

11 matches found

Packet Storm News
Packet Storm News
added 2026/01/07 12:0 a.m.5 views

A Longitudinal Measurement Study of Log4Shell Exploitation from an Active Network Telescope

The disclosure of the Log4Shell vulnerability in December 2021 led to an unprecedented wave of global scanning and exploitation activity. A recent study provided important initial insights, but was largely limited in duration and geography, focusing primarily on European and U.S. network telescop...

6.9AI score
Exploits0
Trellix
Trellix
added 2025/12/18 12:0 a.m.21 views

Amadey Exploiting Self-Hosted GitLab to Distribute StealC

Amadey Exploiting Self-Hosted GitLab to Distribute StealC By Rahul Sharma · December 18, 2025 Executive summary Amadey is a malware loader that has been active since 2018, primarily used to distribute second-stage payloads and infostealers. While Amadey has been previously known to distribute...

6AI score
Exploits0
EUVD
EUVD
added 2025/10/29 10:12 p.m.5 views

EUVD-2025-36724

uv allows ZIP payload obfuscation through parsing differentials...

6.4AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/10/29 10:12 p.m.32 views

uv allows ZIP payload obfuscation through parsing differentials

Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields...

6.9AI score
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/08 12:0 a.m.3 views

CVE-2025-54368 uv is vulnerable to ZIP payload obfuscation through parsing differentials

uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...

6.8CVSS5.9AI score0.00183EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/08/07 8:52 p.m.8 views

uv allows ZIP payload obfuscation through parsing differentials

Impact In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP...

6.8CVSS6.4AI score0.00183EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/08/07 8:52 p.m.3 views

GHSA-8QF3-X8V5-2PJ8 uv allows ZIP payload obfuscation through parsing differentials

Impact In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP...

6.8CVSS7.3AI score0.00183EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2025/06/23 1:23 a.m.277 views

Exploit for Code Injection in Langflow

Langflow RCE Exploit CVE-2025-3248 !Python Versionhttps:...

9.8CVSS10AI score0.99972EPSS
Exploits33
Akamai Blog
Akamai Blog
added 2020/12/15 7:26 p.m.14 views

Stopping Active Attacks with Penalty Box

Unfortunately, today's sophisticated web application threats have gained some advantages over typical WAFs: Favorable odds -- WAFs must correctly identify attacks 100% of the time, whereas attackers have the luxury of only needing to find a single bypass or evasion Temporary fixes -- Many WAFs us...

2.6AI score
Exploits0
Akamai Blog
Akamai Blog
added 2020/12/15 2:0 p.m.98 views

Stopping Active Attacks with Penalty Box

A web application firewall WAF is most often used by organizations for external security controls to detect and block individual attack attempts against target web application assets. Open Web Application Security Project OWASP risk rating methodology Unfortunately, today's sophisticated web...

7.7AI score
Exploits0
ThreatPost
ThreatPost
added 2020/05/28 1:54 p.m.178 views

Valak Loader Revamped to Rob Microsoft Exchange Servers

Threat actors have revamped a popular malware loader into a stealthy infostealer that targets Microsoft Exchange servers to pilfer enterprise mailing information, passwords and enterprise certificates, researchers have found. Security researchers from Cybereason Nocturnus have discovered Valak, a...

6.6AI score
Exploits0References7
Rows per page
Query Builder