Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...

TSPortal: Any user can forge self-deletion requests for any account

Summary Conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. Details Creating a DPA report about another user and leaving the evidence field empty causes that report to look like the reported user self-requested deletion of their data. Ingenuine repo...

EUVD-2026-10067

TSPortal: Any user can forge self-deletion requests for any account...

GHSA-GFHQ-7499-F3F2 TSPortal: Any user can forge self-deletion requests for any account

Summary Conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. Details Creating a DPA report about another user and leaving the evidence field empty causes that report to look like the reported user self-requested deletion of their data. Ingenuine repo...

CVE-2026-29788

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been...

CVE-2026-29788 TSPortal: Anyone can forge self-deletion requests of any user

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been...

CVE-2026-29788

The CVE affects TSPortal (WikiTide Foundation) prior to version 30, where converting empty strings to null allowed disguising DPA reports as self-deletion reports. Root cause is the faulty normalization of empty fields in the report handling flow. Impact described includes confidentiality/availab...

CVE-2026-29788 TSPortal: Anyone can forge self-deletion requests of any user

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been...

CVE-2026-29788

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been...

CVE-2026-29788 TSPortal: Anyone can forge self-deletion requests of any user

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been...

TSPortal 安全漏洞

TSPortal is a team management platform developed by Miraheze. Previous versions of TSPortal had security vulnerabilities; these vulnerabilities stemmed from the conversion of empty strings to null values, which could lead to data protection reports being disguised as genuine self-deletion reports...

GHSA-4X4M-3C2P-QPPC Kubernetes Nodes can delete themselves by adding an OwnerReference

A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently delete...

CVE-2025-52521

Trend Micro Security 17.8 Consumer is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own...

MAL-2025-3541 Malicious code in express-cookie-parser (npm)

This package impersonates the popular 'cookie-parser' package. Remote code execution, persistence, self-deletion, and obfuscation found in the package's code confirm its malicious nature...

PT-2024-12430 · Apache · Apache Rocketmq

Name of the Vulnerable Software and Affected Versions: Apache RocketMQ affected versions not specified Description: The issue concerns a stealthy malware named perfctl, which targets millions of Linux servers. It exploits over 20,000 common misconfigurations and a critical vulnerability in Apache...

ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime CLR to dynamically load and run PowerShell commands, thereby creating a PowerShell...

LockFile Ransomware Bypasses Protection Using Intermittent File Encryption

A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called "intermittent encryption." Called LockFile, the operators of the ransomware have been found exploiting recently disclosed flaws such as ProxyShel...

Название Бота Stepa

Возможности Бота + Админ панель Защита от DDos; + Отправка, перехват и удаление СМС-сообщений; + Отображение ботов по категория; + Есть удобная система событий для каждого бота; + Удобный вывод СМС сообщений в диалоге; + Автокрипт apk через api + Отдельная услуга; + Смена и подмена...