CVE-2024-36050

Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...

PT-2025-23053 · Apache · Apache Inlong

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.13.0 through 2.1.0 Description: The issue affects Apache InLong, allowing attackers to bypass its security mechanisms and enabling arbitrary file reading due to a deserialization of untrusted data vulnerability...

Use After Free

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free through the V8 engine. Remediation A fix was pushed into the master branch but not yet...

Malicious code in emergency-pull-request-probot-app (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

MAL-2025-652 Malicious code in emergency-pull-request-probot-app (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

CVE-2024-11717

Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to...

CVE-2024-11716

CVE-2024-11716 (CTFd) : A logic flaw in CTFd allows an authenticated user to reset their bracket after registration and join another team while a competition is ongoing. Affected releases: 3.7.0—3.7.4. The issue was addressed in 3.7.5 via pull request 2636. Practical impact: potentially enables b...

CVE-2024-11716

While assignment of a user to a team bracket in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing. This issue impacts releas...

Malicious code in set-pr-description-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f56192a6739bfa4e2f9794840d334d8216ea18d4086cf066b6eeded90d8bbfb9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2023-29001

Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers SRH in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this processing to determine whether an incoming...

CVE-2023-29001

CVE-2023-29001 affects Contiki-NG. The IPv6 SRH processing in Contiki-NG’s two RPL implementations can cause an uncontrolled recursion in the function tcpip_ipv6_output when a packet with a local next-hop address is received, potentially triggering a stack overflow. Exploitation requires attacker...

CVE-2024-41126 Out-of-bounds read when decoding SNMP messages in Contiki-NG

Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The...

CVE-2024-47181

CVE-2024-47181 affects Contiki-NG’s two RPL implementations. An unaligned memory access can occur when an IPv6 packet carries an odd number of padded bytes before the RPL option, causing rpl_ext_header_hbh_update to read a 16-bit integer from an odd address. The impact is architecture-dependent a...

CVE-2024-47181 Unaligned memory access in RPL option processing in Contiki-NG

Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and connected to an RPL...

CVE-2024-47181 Unaligned memory access in RPL option processing in Contiki-NG

Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and connected to an RPL...

PT-2024-32463 · Unknown · Contiki-Ng

Name of the Vulnerable Software and Affected Versions: Contiki-NG versions prior to the next release after 4.9 Description: The issue is related to an unaligned memory access in the Contiki-NG operating system, specifically in its two RPL implementations. This can be triggered when an IPv6 packet...

CVE-2024-53253

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...

CVE-2024-53253

CVE-2024-53253 affects Sentry v24.11.0 (self-hosted); a specific error message could leak plaintext integration Client ID and Client Secret in an HTTP response when a failing third‑party response triggers select-requester.invalid-response during a Search UI async flow. The leak does not grant dat...

CVE-2024-53253 Sentry's improper error handling leaks Application Integration Client Secret

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...

Metasploit Weekly Wrap-Up 10/04/2024

New module content 3 cups-browsed Information Disclosure Authors: bcoles and evilsocket Type: Auxiliary Pull request: 19510 contributed by bcoles Path: scanner/misc/cupsbrowsedinfodisclosure Description: Adds scanner module to retrieve CUPS version and kernel version information from cups-browsed...