Important: bubblewrap
Issue Overview: A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files...
Malicious code in request-ip-check (npm)
Source: ghsa-malware 1e096389994e4f977393f6e6f087f2fdaa9aae5f79ffaa89122d7e6bb72f083a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9233 Malicious code in foldl (npm)
Source: ghsa-malware d2abd5909394808c19b6d87a3b9b46e6356ee553bed6e8fe55dfa696dc0908b6. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in numeral-light (npm)
Source: ghsa-malware 0745207c17df1a5cbcd760a28f72def582f071d4860ce74387cd251b4556c1a8. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in updated-script-retail-tycoon-2-script-h-a-c-k-9u9pw3 (npm)
Source: ghsa-malware 10991d290106057e87a9d1c0c73b0dd03e2ccad25e2eaef6547a2feb1551f4c0. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in working-today--soft-aim-fortnite-down-lo-ad-pc-esp-aimbot-undetected-2023-41etdn (npm)
Source: ghsa-malware 0d8a9f0993744d4972cdf5e672ed1837953cea1a52c4cc63a83e24184de071ca. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in snyk.io (npm)
Source: ghsa-malware 76c8b0ab07e37f58fd612860770162ef6e593d6f155a12952b7eafe0afa9ffdd. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.12 security, enhancement & bug fix update
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.13.12 on Red Hat Enterprise Linux 9 from Red Hat Container Registry. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation...
BIT-JENKINS-2024-47804
If an attempt is made to create an item of a type prohibited by ACL#hasCreatePermission2 or TopLevelItemDescriptor#isApplicableInItemGroup through the Jenkins CLI or the REST API and either of these checks fail, Jenkins LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk,...
Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit
Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external...
PT-2025-2095 · Drupal · Drupal Persistent Login
Name of the Vulnerable Software and Affected Versions: Drupal Persistent Login versions 0.0.0 through 1.8.0 Drupal Persistent Login versions 2.0. through 2.2.2 Description: The issue is related to insufficient session expiration in the Drupal Persistent Login module, allowing for forceful browsin...
Persistent Login - Moderately critical - Access bypass - SA-CONTRIB-2024-044
This module enables users to remain logged in separately from session timeouts. The module doesn't sufficiently check a user's disabled status when validating cookies. This vulnerability is mitigated by the fact that an attacker must have an unexpired cookie from a previous successful login...
Drupal Persistent Login module < 1.8.0,2.2.0-2.2.1,2.0,2.1 - Authenticated Broken Access Control vulnerability
Authenticated Broken Access Control vulnerability discovered by Geoff Appleby in WordPress Module Persistent Login versions 1.8.0,2.2.0-2.2.1,2.0,2.1...
Hacking ChatGPT by Planting False Memories into Its Data
This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user. A researcher found that he could use that feature to plant "false memories" into that context window that could...
CVE-2024-39275 Advantech ADAM-5630 Use of Persistent Cookies Containing Sensitive Information
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user...
ChatGPT macOS Flaw Could've Enabled Long-Term Spyware via Memory Function
A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool's memory. The technique, dubbed SpAIware, could be abused to facilitate "continuous data exfiltration of...
New TeamTNT Cryptojacking Campaign Targets CentOS Servers with Rootkit
The cryptojacking operation known as TeamTNT has likely resurfaced as part of a new campaign targeting Virtual Private Server (VPS) infrastructures based on the CentOS operating system. "The initial access was accomplished via a Secure Shell (SSH) brute force attack on the victim's assets, during whi...
Malicious code in ttuiooty (npm)
Source: ghsa-malware b275fd67a527aba9922dae957015a4e562bebb7e05e51f034b1ac179723b0ff0. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.16.2 security and bug fix update
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.16.2 on Red Hat Enterprise Linux 9 from Red Hat Container Registry. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation...