4 matches found
Malicious code in dcchbot (PyPI)
Source: amazon-inspector df79831d1b486c8ca704295b410cec7b66be85aa87c3244d97ff1e87f643183a. The package performs multiple installer-hostile behaviors. 1. dcchbot/init.py auto-invokes run on import, which triggers interactive input prompts and...
Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
Impact: The primary impact is allowing users to fetch data from a remote URL. This data can then be injected into Spinnaker pipelines via helm or other methods to extract things like idmsv1 authentication data. This also includes calling internal Spinnaker APIs via a get and similar endpoints...
CVE-2025-61916 Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can then be injected into Spinnaker pipelines vi...
PT-2020-14785 · RIPE NCC · RIPE NCC RPKI Validator
Name of the Vulnerable Software and Affected Versions: RIPE NCC RPKI Validator versions 3.x before 3.1-2020.07.06.14.28. Description: An issue was discovered in the RIPE NCC RPKI Validator where RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attacke...