13 matches found
PT-2026-41150
Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary: DefaultUsageTracker.emit_tool_called_event in src/dbt_mcp/tracking/tracking.py serializes the complete arguments dictionary of every MCP tool call and transmits it verbati...
EUVD-2021-18450
Malware in sbrugna...
EUVD-2024-1098
Malicious code in bioql PyPI...
Recommended update for Maven
This update for Maven fixes the following issues: maven-dependency-analyzer was updated from version 1.13.2 to 1.15.1. Key changes across versions: bug fixes and improved support of dynamic types; dependency upgrades ASM, Maven core, and notably the removal of commons-io; improved error handling by...
BIT-MEDIAWIKI-2021-31553
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the culog database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could...
Simple 301 Redirects by BetterLinks < 2.0.8 - Missing Authorization via clicked
Description: The Simple 301 Redirects by BetterLinks plugin for WordPress is vulnerable to unauthorized enabling of plugin usage tracking due to a missing capability check on the clicked function in all versions up to, and including, 2.0.7. This makes it possible for subscribers to enable plugin...
Buyers unused ETH funds can be stolen (Direct theft of funds)
Lines of code Vulnerability details Impact The protocol has recognized the need to track buyers ETH in order to refund unused ETH by implementing the returnDust function and setupExecution modifier. The implementation creates an attack vector that allows the seller to steal the unused ETH...
Spectra < 1.25.6 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting. PoC: When the admin notice about Usage Tracking is displayed: https://example.com/wp-admin/index?a"...
CVE-2021-31553
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the culog database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could...
CVE-2021-31553
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the culog database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could...
botbait Information Disclosure Vulnerability
botbait is a tool used in the npm ecosystem for tracking bot and automation tool usage. An information disclosure vulnerability exists in botbait. An attacker could exploit this vulnerability to disclose information...
Muhammad A. Muquit wwwcount 2.3 Count.cgi Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/128/info Wwwcount count.cgi is a very popular CGI program used to track website usage. In particular, it enumerates the number of hits on given webpages and increments them on a 'counter'. In October of 1997 two remotely...
sun.cc.compiler.txt
Date: Tue, 15 Jun 1999 00:17:12 +1000 From: Darren Reed To: [email protected] Subject: big brother in your cc Whilst this isn't strictly speaking a security bug, it borders on Sun acting in a very "big brother" manner which is frightening! For those of you using Sun's SUNWspro C compiler...