40 matches found
CVE-2026-59708 Ghostfolio - Unauthorized Portfolio Data Exposure via Public Endpoint
The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings,...
EUVD-2026-42074
The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings,...
CVE-2026-59708
The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings,...
PT-2026-56233
Name of the Vulnerable Software and Affected Versions ghostfolio affected versions not specified Description The 'GET /api/v1/public/:accessId/portfolio' endpoint allows unauthenticated access to full portfolio data because it accepts private access IDs without validating granteeUserId filtering...
Malicious code in n8n-nodes-performance-metrics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector decf8fbf4cfd483a5fc72a3c3037f88de636f0732e3d591a09309e54faceff05 The package n8n-nodes-performance-metrics was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview n8n-nodes-performance-metrics is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview n8n-performance-metrics is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
EUVD-2026-1130
Malicious code in n8n-performance-metrics npm...
EUVD-2026-1131
Malicious code in n8n-nodes-performance-metrics npm...
Malicious code in n8n-performance-metrics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff33e7eec92ad0ad734fb7babcf427a9a5df69ba94b95c904c1ecfce32d5ef97 The package n8n-performance-metrics was found to contain malicious code. Source: ghsa-malware...
MAL-2026-69 Malicious code in n8n-performance-metrics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff33e7eec92ad0ad734fb7babcf427a9a5df69ba94b95c904c1ecfce32d5ef97 The package n8n-performance-metrics was found to contain malicious code. Source: ghsa-malware...
Threat Detection in Social Media Networks Using Machine Learning Based Network Analysis
The accelerated development of social media websites has posed intricate security issues in cyberspace, where these sites have increasingly become victims of criminal activities including attempts to intrude into them, abnormal traffic patterns, and organized attacks. The conventional rule-based...
GHSA-7CX5-254X-CGRQ Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Impact The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Parse Server permits any client to execute explain queries without requiring the master key. This exposes: - Database schema...
Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Impact The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Parse Server permits any client to execute explain queries without requiring the master key. This exposes: - Database schema...
BIT-PARSE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0, Parse...
kernel: perf/x86/intel: Fix crash in icl_update_topdown_event()
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in iclupdatetopdownevent The perffuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000 CPU: 23 UID: 0 PID: 0 Comm: swapper/23...
CVE-2025-64502
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....
Sensing Security in Near-Field ISAC: Exploiting Scatterers for Eavesdropper Deception
In this paper, we explore sensing security in near-field NF integrated sensing and communication ISAC scenarios by exploiting known scatterers in the sensing scene. We propose a location deception LD scheme where scatterers are deliberately illuminated with probing power that is higher than that...
Malicious Package
Overview kpi-media-metrics is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2025-20924
Malicious code in bioql PyPI...