25 matches found
CVE-2026-23348
In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimm_bus object when creating nvdimm objects Found issue during running of cxl-translate.sh unit test. Adding a 3s sleep right before the test seems to make the issue reproduce fairly consistently. The...
DEBIAN-CVE-2025-39966
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput doesn't actually call file_operations release synchronously, it puts the file on a work queue and it will be released eventually. This is normally fine, except for iommufd t...
EUVD-2023-2761
Malicious code in bioql PyPI...
Five Minutes of DDoS Brings Down Tor: DDoS Attacks on the Tor Directory Protocol and Mitigations
The Tor network offers network anonymity to its users by routing their traffic through a sequence of relays. A group of nine directory authorities maintains information about all available relay nodes using a distributed directory protocol. We observe that the current protocol makes a steep...
Merge Conflicts PRs in Confluence-Distribution
Merge conflicts PRs in Confluence-Distribution after synchrony update PRs...
GHSA-JG82-XH3W-RHXX Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution
Impact A proto pollution vulnerability exists in synchrony versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. Summary A proto pollution vulnerability exists in the LiteralMap transformer allowing crafted input to modify properties in the Object prototype. When...
CVE-2023-45811
Synchrony deobfuscator is a javascript cleaner & deobfuscator. A proto pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A proto pollution vulnerability exists in the LiteralMap transformer allowing crafted input to modify...
Code injection
Synchrony deobfuscator is a javascript cleaner & deobfuscator. A proto pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A proto pollution vulnerability exists in the LiteralMap transformer allowing crafted input to modify...
CVE-2023-45811
Synchrony deobfuscator (JavaScript cleaner/deobfuscator) contains a prototype pollution vulnerability in the LiteralMap transformer that allows crafted input to modify Object.prototype. This affects versions before 2.4.4 and could lead to arbitrary code execution. A fix is available in deobfuscat...
CVE-2023-45811 Prototype pollution vulnerability leading to arbitrary code execution in synchrony deobfuscator
Synchrony deobfuscator is a javascript cleaner & deobfuscator. A proto pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A proto pollution vulnerability exists in the LiteralMap transformer allowing crafted input to modify...
synchrony security vulnerability
synchrony is a javascript-obfuscator cleaner and deobfuscator maintained by an individual developer. A security vulnerability exists in synchrony versions prior to v2.4.4, which stems from a prototype pollution vulnerability. The vulnerability can be exploited to execute...
PT-2023-29701 · Node.Js +1
Name of the Vulnerable Software and Affected Versions: Synchrony deobfuscator versions prior to 2.4.4 Description: A proto pollution vulnerability exists in the LiteralMap transformer, allowing crafted input to modify properties in the Object prototype. Successful exploitation could lead to...
Information disclosure via Synchrony service
Affected versions of Atlassian Confluence Server allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the Synchrony service. This vulnerability was discovered by Rojan Rijal of Tinder Security Engineering. The affected versions are before version...
Synchrony Proxy: spring-beans 5.3.19 is vulnerable to CVE-2022-22970
h3. Issue Summary spring-beans is vulnerable to CVE-2022-22970 This is reproducible on Data Center: yes h3. Steps to Reproduce Install Confluence 7.13.9 Step 2 h3. Expected Results Expect that synchrony-proxy/WEB-INF/lib contains spring-beans-5.3.20.jar or higher h3. Actual Results...
Sending an unauthenticated request to the Synchrony allows writing to the logs
h3. Issue Summary It is possible to write log entries via Synchrony API without authentication. h3. Steps to Reproduce To do this, you have to enter the target URL in Postman:, copy the GET or POST request and send the http request. For all POST requests, you must ensure that the content length...
Upgrade to version 3.2.2 of apache commons-collections
h3. Summary Similar to the issue described in CONFSERVER-40130, Synchrony Proxy is still using the old commons-collections library which allows for remote code execution. We can see this by looking at the following directories: code:java...