5 matches found
Improper Validation of Integrity Check Value
Overview: Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value due to inadequate validation of the combined fingerprint during image downloads from simplestreams servers. An attacker can cause users to deploy malicious images by providing manipulated image file...
EUVD-2025-9734
Malicious code in bioql PyPI...
CVE-2025-45156
Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users...
GHSA-9CWX-2883-4WFX Vite's `server.fs.deny` is bypassed when using `?import&raw`
Summary: The contents of arbitrary files can be returned to the browser. Details: `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists. PoC (sh): $ npm create vite@latest $ cd vite-project/ $ npm...
Clario: Bypass front server restrictions and access to forbidden files and directories through X-Rewrite-Url/X-original-url header on account.mackeeper.com
Summary: Normally a client can't access the /admin directory because of the front nginx server, which returns 403. But we can use X-Rewrite-Url or X-original-url because the back server processes these headers and the front server doesn't. Steps to reproduce: This request shows normal behavior: curl -i -s -k -X...