271 matches found
A Survey of Web Application Security Tutorials
Developers rely on online tutorials to learn web application security, but tutorial quality varies. We reviewed 132 free security tutorials to examine topic coverage, authorship, and technical depth. Our analysis shows that most tutorials come from vendors and emphasize high-level explanations ov...
Botan C++ Crypto Algorithms Library 3.11.0
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS 10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to...
This Week in Spring - March 10th, 2026
Hi, Spring fans! Welcome to another installment of This Week in Spring. As I write this, I am preparing for a trip to Rust, Germany, for one of the best Java conferences in Europe: JavaLand, along with its new companion event, DevLand. It should be fun. Will you be around? If so, say hi. We have ...
CVE-2025-33239
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
Arbitrary Code Injection
Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Arbitrary Code Injection via the data shuffling tutorial process. An attacker can execute arbitrary code, escalate privileges, disclose sensiti...
Arbitrary Code Injection
Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Arbitrary Code Injection via the data merging tutorial process. An attacker can execute arbitrary code, escalate privileges, disclose sensitive...
CVE-2025-33240
NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33240
NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33239
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33240
NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33239
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
Malicious Package
Overview nrql-tutorial is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2008-4331
Malware in sbrugna...
EUVD-2007-3675
Malware in sbrugna...
EUVD-2019-7091
Malware in sbrugna...
EUVD-2021-28064
Malicious code in bioql PyPI...
EUVD-2021-29305
Malicious code in bioql PyPI...
This Week in Spring - September 9th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! I am home, ensconced in my studio here in somewhat sunny San Francisco, California, relaxing and trying to catch up on stuff I missed. As always, there's a ton! So let's dive right into it. Some of the amazing features that...
Malicious code in heft-storybook-react-tutorial (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9aaa15f8740a436b59266355d59bb470dfd605d6260dc307a40ef50e20f65939 The OpenSSF Package Analysis project identified 'heft-storybook-react-tutorial' @ 99.0.9 npm as malicious. It is considered malicious because: -...
Malicious code in heft-web-rig-library-tutorial (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5305ed5a8b702f1ebff37fd77c6a498586782cc76fa0f351f18c6ad13efdd194 The OpenSSF Package Analysis project identified 'heft-web-rig-library-tutorial' @ 99.0.9 npm as malicious. It is considered malicious because: -...