4 matches found
CVE-2026-49356
A flaw was found in @babel/core. This vulnerability allows an attacker, who controls the input source code and can read the output, to perform an arbitrary file read. By compiling maliciously crafted code containing a sourceMappingURL comment, the attacker can read any source map file from the...
The Mythos Inflection Point: Dealing With the Upcoming Vulnerability Disclosure Avalanche and Compressed Exploitation Window
Having spent years at Qualys working on vulnerability risk and remediation management, I have watched the disclosure and remediation cycles from every angle. I have seen vulnerability researchers find a critical flaw in OpenSSH and the industry scramble to respond. I have seen organizations...
webfinger.js Blind SSRF Vulnerability
Description The lookup function takes a user address for checking accounts as a feature, however, as per the ActivityPub spec https://www.w3.org/TR/activitypub/security-considerations, on the security considerations section at B.3, access to Localhost services should be prevented while running in...
NII Advisory - Path Disclosure in Cold Fusion MX Server
=================================================== Path Disclosure in Macromedia ColdFusion MX Server Vendor: Macromedia http://www.macromedia.com Versions affected: ColdFusion MX Server Operating System: Windows 2000 Date: 26th April 2003 Severity: Low Network Intelligence India Pvt. Ltd...