71943 matches found
9router's Hardcoded Default fallback JWT Secret Allows Authentication Bypass
9router uses the publicly known hardcoded string "9router-default-secret-change-me" as the fallback JWT secret for all Dashboard session JWTs when the JWT_SECRET environment variable is not set. Because this secret is committed in the public repository and unchanged across all releases, any...
[SECURITY] [DLA 4663-1] node-lodash security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-4663-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta July 02, 2026 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...
Code Injection in Perforce Helix Core (CVE-2026-6902)
Executive Summary In this article we disclose our latest findings on the Perforce P4 protocol used by Helix Core between the command line client and the server, and show how a threat actor could leverage it to conduct attacks. This security issue affects P4 Helix Core before P4 Helix Core 2025.2 Patch 2,...
MAL-2026-6724 Malicious code in starlette-healthcheck (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45d8da59826f5074d5b65d3b4733a4da6e7ce20167db9c14f7004e5fb7abe273 The package presents itself as an ASGI healthcheck/request-logging utility, but its advertised configurelogging helper exposed from the top-level...
unified-bb-suite
Unified BB Suite — Combined Workflow Two work...
MAL-2026-6713 Malicious code in polymarket-toolkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65aa9243f492d222e1bb036c8ed55fb17268bd987a63ad2ea2aa1b28e44defc3 Package is published as a Polymarket API client but its default export getPlugin performs unconditional remote code execution on use. On invocation i...
Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters
Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component's internal network port. Synacktiv, which found the bug, says it can lead to a full cluster...
GHSA-9MM9-RQHJ-J5MX repomix Vulnerable to Command Injection (RCE) via `--remote-branch` Argument Injection
Vulnerability Metadata

| Field | Detail |
| --- | --- |
| Affected Component | src/core/git/gitCommand.ts execGitShallowClone |
| Impact | Arbitrary Command Execution / Security Control Bypass |

Summary The --remote-branch CLI option in repomix is vulnerable to argument injection. User-supplied...
GHSA-GVPP-V77H-5W8G Cortex has Untrusted Project Bootstrap Code Execution via `CLAUDE_PROJECT_DIR`
Untrusted Project Bootstrap Code Execution via CLAUDE_PROJECT_DIR Summary The Cortex MCP server neuro-cortex-memory treats the CLAUDE_PROJECT_DIR environment variable — automatically set by Claude Code to the currently open project directory — as a trusted Cortex developer checkout. When the...
GHSA-PVRJ-8CG3-J5F8 auth-fetch-mcp has SSRF Protection Bypass via IPv4-mapped IPv6 Loopback
SSRF Protection Bypass via IPv4-mapped IPv6 Loopback Summary auth-fetch-mcp v3.0.1 implements SSRF protection in assertSafeUrl src/security.ts to block requests to private and loopback addresses. However, the isPrivateV6 function fails to detect IPv4-mapped IPv6 loopback addresses in their...
php: NULL pointer dereference in SOAP apache:Map decoder with missing <value>
A flaw was found in PHP. When a PHP SOAP server has a typemap configured, the apache:Map decoding process checks the incorrect variable in case of a missing value element. This incorrect check leads to a NULL pointer dereference and allows a remote unauthenticated attacker to crash the PHP SOAP...
php: signed integer overflow in metaphone()
A flaw was found in PHP. The metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. When an input string is longer than 2,147,483,647 bytes, a signed integer overflow can occur, leading to undefined behavior and an...
USN-8489-1 linux-oem-7.0 vulnerabilities
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for June 2026.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF008. These vulnerabilities have also been addressed in 24.0.0-IF007, 25.0.0-IF005 and 25.0.1-IF001. Vulnerability Details CVEID: CVE-2025-62718 DESCRIPTION: Axios is a promise-based HTTP client for the...