35 matches found
MAL-2026-4539 Malicious code in create-kachow (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b65b2deeeafefb22b81e6a863b51115953b108991e5462d939dce3d6b8ee4a97 bin/create-kachow.js declares a BUILTINKEYS object containing live API keys for four third-party AI providers Gemini key starting...
Attention Is Where You Attack
Safety-aligned large language models rely on RLHF and instruction tuning to refuse harmful requests, yet the internal mechanisms implementing safety behavior remain poorly understood. We introduce the Attention Redistribution Attack ARA, a white-box adversarial attack that identifies...
WordPress Filebird Plugin Missing Authorization Vulnerability
WordPress Filebird Plugin is a media library management plugin for WordPress that allows users to organize media files by creating folders and subfolders to improve the efficiency of media library management. WordPress Filebird Plugin suffers from a missing authorization vulnerability, which can ...
glider_StakedUSDeV2
StakedUSDeV2 Uninitialized Role Variable PoC Vulnerability...
MAL-2025-156139 Malicious code in ilal-poke37 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6543636f229f4e8f325816f2d3ca64aa191d08dac12d32e662454bb940f7c614 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-140529 Malicious code in centauri-enceladus-fork-perseus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d5f2869f338410de2308730411a08670b694bd2f33a25c6776b19a038b1dfea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fadhil-donat28-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 359f4a626acc31a692cac12610c2fa482d0772efaeac111197e6192d87ac4b6e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in local_narwhal_requirement (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5337dcdf57b7726a7fe77e65916e732715e8cc0ed948121a58ec5ea7c99a117 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a BAM transaction redistribution that could lead to a mapping failure...
FreeBSD : chromium -- multiple security fixes (db221414-2b0d-11f0-8cb5-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the db221414-2b0d-11f0-8cb5-a8a1599412c6 advisory. Chrome Releases reports: This update includes 2 security fixes: Tenable has extracted the preceding...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an under-reference of requests in ublk when handling recovery and redistribution...
FreeBSD : firefox -- multiple vulnerabilities (0e20e42c-b728-11ef-805a-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 0e20e42c-b728-11ef-805a-b42e991fc52e advisory. [email protected] reports: Tenable has extracted the preceding description block directly...
replay attack in StakedUSDe's redistributeLockedAmount function
Lines of code Vulnerability details Impact The vulnerability in the redistributeLockedAmount function of the StakedUSDe contract allows an admin user to redistribute tokens from a restricted address to another address. However, if a user let's call them User A is removed from the blacklist and...
.NET Remote Code Execution Vulnerability
Microsoft Security Advisory CVE-2023-33128: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0. This advisory also provides guidance on what developers can do to update their application...
Mitigation of M-11: Issue not mitigated, mitigation error
MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-11: Issue not mitigated, mitigation error Link to Issue: code-423n4/2023-03-asymmetry-findings152 Comments Even though the sponsor followed the warden's recommendation in issue M-11, I don't think the proposed change properly...
Missing server signature validation in OctoberCMS
Impact This advisory affects authors of plugins and themes listed on the October CMS marketplace where an end-user will inadvertently expose authors to potential financial loss by entering their private license key into a compromised server. It has been disclosed that a project fork of October CM...
EC-CUBE security vulnerability
Ec-cube is an open source e-commerce system from the Japanese company Ec-cube. A security vulnerability exists in EC-CUBE due to the application improperly handling HTTP Host header values. A remote attacker could exploit this vulnerability to send an email with a forged redistribution password U...
New malware blocks victims from visiting The Pirate Bay, illegal sites
By Deeba Ahmed Dubbed Vigilante by researchers; the malware prevents the system from those sites that redistribute pirated software/data. This is a post from HackRead.com Read the original post: New malware blocks victims from visiting The Pirate Bay, illegal sites...
Linux/x86-64 - Egghunter Shellcode (38 bytes)
/ Copyright © 2017 Odzhan. All Rights Reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the...
Pimcore CMS Build 3450 - Directory Traversal
Pimcore CMS Build 3450 - Directory Traversal Vulnerability title: Directory Traversal/Configuration Update In Pimcore CMS CVE: CVE-2015-4425 Vendor: Pimcore Product: Pimcore CMS Affected version: Build 3450 Fixed version: Build 3473 Reported by: Josh Foote Details: It is possible for an...