75 matches found
MAL-2025-51831 Malicious code in fajar-mangut61-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32aa55042889d0042a7a4f0ab7b968ba58df284820aa9e56fba5a624884d934c The package fajar-mangut61-breki was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flood...
EUVD-2024-1482
Malicious code in bioql PyPI...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of the synclinkedregs function in the bpf subsystem to preserve the subregdef flag, which could le...
openSUSE 15 Security Update : coredns (openSUSE-SU-2024:0319-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0319-1 advisory. Update to version 1.11.3: optimize the performance for high qps 6767 bump deps Fix zone parser error handling 6680 Add alternate option to forwar...
UBUNTU-CVE-2024-32020
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a...
CVE-2024-34350
Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses...
CVE-2024-34350
CVE-2024-34350 affects Next.js (React framework). The issue arises from inconsistent interpretation of a crafted HTTP request, causing a request to be treated as both a single request and two separate requests, which can poison the response queue. Exploitation requires the affected route to use t...
CVE-2024-34350 Next.js Vulnerable to HTTP Request Smuggling
Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses...
CVE-2024-34350 Next.js Vulnerable to HTTP Request Smuggling
Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses...
PT-2024-25807 · Next.Js · Next.Js
Name of the Vulnerable Software and Affected Versions: Next.js versions prior to 13.5.1 Description: The issue arises from an inconsistent interpretation of crafted HTTP requests, leading to desynchronized responses and a response queue poisoning vulnerability. This occurs when the affected route...
GHSA-494H-9924-XWW9 Pterodactyl Wings vulnerable to improper isolation of server file access
Impact This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside of a server's base directory sandbox root is...
Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks
The threat actor known as Arid Viper has been observed using refreshed variants of its malware toolkit in its attacks targeting Palestinian entities since September 2022. Symantec, which is tracking the group under its insect-themed moniker Mantis, said the adversary is "going to great lengths to...
The vulnerability of the command-line interface (CLI) of the microprogramming software for Cisco TelePresence Collaboration Endpoint conference call control devices and the Cisco RoomOS operating system allows a hacker to re-write any files at will.
The vulnerability of the command-line interface CLI of the microprogramming software for Cisco TelePresence Collaboration Endpoint conference call controllers and the Cisco RoomOS operating system is related to access control deficiencies. Exploiting this vulnerability could allow a attacker to...
GHSA-G6F4-J6C2-W3P3 High severity vulnerability that affects uglify-js
Withdrawn, accidental duplicate publish. The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperl...
UBUNTU-CVE-2015-8857
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript...