12 matches found

OSV
added 2025/11/12 4:47 p.m., 2 views

MAL-2025-165059 Malicious code in rival-poke73 (npm)

Source: amazon-inspector f27170950046e1b89157c4754977140083c9891e0618b711223a29e62af8800a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0
CVE
added 2024/02/14 7:1 a.m., 38 views

CVE-2024-22455

Dell Mobility - E-Lab Navigator (versions 3.1.9 and 3.2.0) contains an Authorization Bypass Through User-Controlled Key vulnerability. Multiple connected sources describe an Insecure Direct Object Reference in Feedback submission that could allow an unauthenticated, locally positioned attacker to...

4.6 CVSS, 4.6 AI score, 0.0028 EPSS
Exploits: 0, References: 1, Affected Software: 1
Huntr
added 2022/11/23 10:3 p.m., 11 views

Unrestricted Upload of file with dangerous type lead to destroying the company's reputation.

Description: In the upload function I found that the function accepts a lot of file types, and this is very dangerous because a malicious user may upload an HTML file containing any information, like go to another site or write a message destroying the company's reputation like this site has been hacked by hacker Pro...

6.8 AI score
Exploits: 0
Code423n4
added 2022/03/28 12:0 a.m., 13 views

Lack of checks between _swapData and _lifiData could lead to loss of funds and reputation risk.

Lines of code LibSwap.swap swapTokensGeneric Vulnerability details Impact Users could input incongruent values for lifiData and swapData leading to a swap not being processed correctly and users not getting any of the expected lifiData.receivingAssetId. It can also damage reputation because LiFi...

6.8 AI score
Exploits: 0
Code423n4
added 2022/03/16 12:0 a.m., 8 views

sendFundsToUser() does not verify that the user has deposited anything

Lines of code Vulnerability details Impact Users can request arbitrary amounts when requesting funds from the executor, because the deposit hash is not checked against actual deposits. The user can be the executor him/herself if they wish to rug-pull directly. Proof of Concept function...

7 AI score
Exploits: 0
Code423n4
added 2022/02/17 12:0 a.m., 10 views

admin can rug pull

Lines of code Vulnerability details In the links I provided, the admin can steal all user funds. This can cause reputation risk.

6.9 AI score
Exploits: 0
Code423n4
added 2021/07/30 12:0 a.m., 9 views

reputation risk via upgradable contracts

Handle gpersoon Vulnerability details Impact The contract SwappableYieldSource is upgradable. This means the owner could upgrade and change the contract so any new functionality. Amongst others the owner could retrieve all the tokens of the Yieldsource and transfer them out. The project could sti...

6.8 AI score
Exploits: 0
Hacker One
added 2019/07/27 7:14 p.m., 52 views

Paragon Initiative Enterprises: Github wikis are editable by anyone https://github.com/paragonie/password_lock/wiki

submitted a misconfiguration in some of our GitHub repositories to us. Wikis are inherently editable for all users, but for some repositories an organization may want to restrict this access. In some cases it was possible for GitHub users . Github wikis on the following project...

7.2 AI score
Exploits: 0
ThreatPost
added 2018/12/11 6:51 p.m., 14 views

Data Privacy Issues Trigger Soul Searching in Tech Industry

NEW YORK – For the tech industry, Facebook’s Cambridge Analytica scandal has led to a wave of self-examination when it comes to the culture around data collection and utilization – and what the price is for bad data privacy policies. While regulatory efforts, fines and consumer public sentiment...

0.2 AI score
Exploits: 0, References: 4
Hacker One
added 2018/12/06 7:2 p.m., 42 views

Nextcloud: Github wikis are editable by anyone

Github wikis on the following projects https://github.com/nextcloud/fulltextsearch https://github.com/nextcloud/nextcloudpi https://github.com/nextcloud/spreed https://github.com/nextcloud/ocsms https://github.com/nextcloud/nextcloud-snap https://github.com/nextcloud/passman can be edited by any...

7.2 AI score
Exploits: 0
Carbon Black Blog
added 2018/07/05 5:0 p.m., 54 views

Excerpts from Modern Bank Heists – Data Gathering

Carbon Black recently published a report on how to gather data to improve the security posture of your enterprise. For more information about how Cb Defense, Carbon Black's NGAV + EDR solution, helps enterprises address their endpoint security challenges, check out our weekly Cb Defense Live Demo...

0.5 AI score
Exploits: 0
Malwarebytes
added 2018/06/28 3:32 p.m., 60 views

Internet Safety Month: How to manage your child’s online presence

When you hear the term "reputation risk management," you might think of a buzzword used in the business sector. Reputation risk management is a term used to describe how companies identify potential risks that may harm their reputation and mitigate them before they blow off. As companies grow, so...

6.8 AI score
Exploits: 0