Lucene search

50 matches found

OSV
added 2026/05/11 3:59 p.m., 1 views

GHSA-423P-G724-FR39 CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE

Impact: The CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE pg_monitor. SET ROLE changes only current_user; session_user remains postgres. That residual superuser identity is the foothold fo...

9.4 CVSS, 6.1 AI score, 0.00043 EPSS
Exploits: 0, References: 5
vulnersOsv
added 2026/03/02 7:19 p.m., 1 views

ailingo (>=0.2.0 <=0.4.0), async-scrape (>=0.1.19 <=0.1.20) +29 more potentially affected by CVE-2026-28348 via lxml-html-clean (>=0.1.0 <=0.4.3)

lxml-html-clean PYPI version =0.1.0, =0.2.0, =0.1.19, =0.3.1, =0.0.550, =0.1.0, =0.0.7, =0.2.0, =2.2.16, =0.9.0, =0.0.9, =0.6.0, =0.2.0, =0.2.3 and more Source cves: CVE-2026-28348 Source advisory: SNYK:PYTHON-LXMLHTMLCLEAN-15369490...

6.1 CVSS, 5.8 AI score, 0.00051 EPSS
Exploits: 1
Tenable Nessus
added 2026/02/07 12:0 a.m., 4 views

openSUSE 16 Security Update : golang-github-prometheus-prometheus (openSUSE-SU-2026:20177-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20177-1 advisory. Update to version 3.5.0: Security issues fixed: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of...

8.6 CVSS, 6.7 AI score, 0.00071 EPSS
Exploits: 1, References: 6
OSV
added 2026/02/05 10:43 a.m., 1 views

SUSE-SU-2026:20232-1 Security update for golang-github-prometheus-prometheus

This update for golang-github-prometheus-prometheus fixes the following issues: Update to version 3.5.0: Security issues fixed: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of methods from global bsc1257329. - CVE-2025-12816: interpretation conflict...

8.6 CVSS, 6.7 AI score, 0.00071 EPSS
Exploits: 1, References: 5
HackRead
added 2026/02/02 1:53 p.m., 3 views

Spotify and Major Music Labels Sue Anna’s Archive for $13 Trillion

Spotify and the Big Three labels have filed a record-breaking $13 trillion lawsuit against Anna’s Archive over a massive music data scrape. Find out what this means for the future of digital music...

5.4 AI score
Exploits: 0
Malwarebytes
added 2025/12/29 8:2 a.m., 5 views

A week in security (December 22 – December 28)

Last week on Malwarebytes Labs: Pornhub tells users to expect sextortion emails after data exposure Hacktivists claim near-total Spotify music scrape Stay safe! We don't just report on threats—we help safeguard your entire digital identity Cybersecurity risks should never spread beyond a headlin...

6.7 AI score
Exploits: 0
HackRead
added 2025/12/23 10:59 a.m., 4 views

Pirate Group Anna’s Archive Copies 256M Spotify Songs in Data Scrape

Spotify has confirmed a massive unauthorised data scrape involving 256 million track records and 86 million audio files. Learn how "Anna’s Archive" bypassed security, and why experts warn against downloading the leaked files...

7 AI score
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2017-0016

Malware in sbrugna...

8.8 CVSS, 8.8 AI score, 0.00494 EPSS
Exploits: 0, References: 8
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-16547

Malicious code in bioql PyPI...

7.7 CVSS, 7.7 AI score, 0.00408 EPSS
Exploits: 1, References: 2
OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 1 views

Malicious code in phone-scrape-dll (npm)

The package phone-scrape-dll was found to contain malicious code...

7 AI score
Exploits: 0
vulnersOsv
added 2025/08/14 6:52 p.m., 1 views

artery-routes-docs (>=0.0.2 <=0.0.25), arteryjs (=0.0.0) +5 more potentially affected by unknown CVE via to-slug (=0.0.0)

to-slug NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on to-slug and may be impacted: - artery-routes-docs =0.0.2, =0.2.0, =0.0.0, =1.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-37002...

5.8 AI score
Exploits: 0
OSV
added 2025/08/14 6:52 p.m., 1 views

MAL-2025-29157 Malicious code in phone-scrape-dll (npm)

The package phone-scrape-dll was found to contain malicious code...

7.2 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in scrape-eksi (npm)

The package scrape-eksi was found to contain malicious code...

7 AI score
Exploits: 0
OSV
added 2025/08/14 6:52 p.m., 1 views

MAL-2025-32815 Malicious code in scrape-eksi (npm)

The package scrape-eksi was found to contain malicious code...

7.2 AI score
Exploits: 0
SUSE Linux
added 2025/06/18 2:12 a.m., 6 views

Security update for golang-github-prometheus-prometheus

This update for golang-github-prometheus-prometheus fixes the following issues: Security issues fixed: CVE-2023-45288: Require Go = 1.23 for building bsc1236516 CVE-2025-22870: Bump golang.org/x/net to version 0.39.0 bsc1238686 Version was updated to 2.53.4 with the following bug fixes: Runtime:...

6.9 CVSS, 7 AI score, 0.75268 EPSS
Exploits: 3, References: 14
SUSE Linux
added 2025/06/18 2:11 a.m., 2 views

Security update for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-prometheus-prometheus was updated to version 2.53.4: Security issues fixed: CVE-2023-45288: Require Go = 1.23 for building bsc1236516 CVE-2025-22870: Bumped golang.org/x/net to version 0.39.0 bsc1238686 Other bugs fixes from version 2.53.4:...

9.9 CVSS, 7.4 AI score, 0.94047 EPSS
Exploits: 18, References: 52
SUSE Linux
added 2025/06/18 2:9 a.m., 4 views

Security update for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-prometheus-prometheus was updated to version 2.53.4: Security issues fixed: CVE-2023-45288: Require Go = 1.23 for building bsc1236516 CVE-2025-22870: Bumped golang.org/x/net to version 0.39.0 bsc1238686 Other bugs fixes from version 2.53.4:...

9.9 CVSS, 7.3 AI score, 0.94047 EPSS
Exploits: 18, References: 52
Kitploit
added 2025/04/11 12:30 p.m., 163 views

Telegram-Scraper - A Powerful Python Script That Allows You To Scrape Messages And Media From Telegram Channels Using The Telethon Library

A powerful Python script that allows you to scrape messages and media from Telegram channels using the Telethon library. Features include real-time continuous scraping, media downloading, and data export capabilities. Features 🚀 Scrape messages...

7.1 AI score
Exploits: 0, References: 1
RedhatCVE
added 2025/03/22 12:44 p.m., 9 views

CVE-2024-8952

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...

7.5 CVSS, 6.6 AI score, 0.00151 EPSS
Exploits: 1, References: 1
OSV
added 2025/03/20 12:32 p.m., 1 views

GHSA-QVG9-VP87-H3HR composio Server-Side Request Forgery (SSRF) vulnerability

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...

6.8 CVSS, 6.7 AI score, 0.00151 EPSS
Exploits: 1, References: 3