CVE-2026-54287

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...

hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

Summary On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attributes for example Expires dates, clients cannot split the value back into individual cookies and...

Improper Encoding or Escaping of Output

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the AWS Lambda adapter's handling of multiple Set-Cookie headers. An attacker can cause clients to drop or misinterpret cookies by triggering...

Security Bulletin: CockroachDB PostgreSQL for IBM VPC is vulnerable to privilege escalation when using RESTORE SYSTEM USERS functionality (CVE-2026-9839)

Summary CockroachDB PostgreSQL for IBM VPC is vulnerable to privilege escalation when using RESTORE SYSTEM USERS functionality CVE-2026-9839 Vulnerability Details CVEID:CVE-2026-9839 DESCRIPTION: CockroachDB PostgreSQL for IBM VPC is vulnerable to privilege escalation when using RESTORE SYSTEM...

The HazyBeacon Protocol – How Malware Weaponizes Amazon Web Services (AWS) Lambda Function URLs

Key Takeaways HazyBeacon CL-STA-1020 targets Southeast Asian government networks by abusing AWS Lambda Function URLs configured with AuthType: NONE as stealth command-and-control relays. Attackers use stolen IAM credentials to deploy Lambda functions that proxy malware communications through...

EUVD-2017-15732

Malware in sbrugna...

EUVD-2024-50703

Malicious code in bioql PyPI...

Malicious code in @epc-infra/vpc-stack (npm)

The package @epc-infra/vpc-stack was found to contain malicious code...

MAL-2025-7840 Malicious code in @epc-infra/vpc-stack (npm)

The package @epc-infra/vpc-stack was found to contain malicious code...

CVE-2024-12236

A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of VPC-SC. No further...

How to use the new CloudTrail network activity events for AWS VPC Endpoints

Learn how AWS VPC Endpoint CloudTrail logs can help you troubleshoot endpoint policies and strengthen your network's security against data exfiltration...

CVE-2024-12432

The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generatekey' function not producing a sufficiently random value. This makes it possible for authenticated...

CVE-2024-12004 WPC Order Notes for WooCommerce <= 1.5.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on the ajaxupdateordernote function. This makes it possible for unauthenticated attackers to injec...

CVE-2024-12236

A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of VPC-SC. No further...

CVE-2024-12236 Use of Custom URI for media inputs with VPC-SC enabled potentially leads to data exfiltration

A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of VPC-SC. No further...

CVE-2024-12236 Use of Custom URI for media inputs with VPC-SC enabled potentially leads to data exfiltration

A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of VPC-SC. No further...

CVE-2024-12236

Vertex Gemini API leaks data if a crafted fileUri for image input is used with VPC Service Controls, potentially bypassing the VPC-SC perimeter. Google Cloud fixed this by returning an error when a media file URL is specified in the fileUri parameter with VPC-SC enabled; other cases are unaffecte...

PT-2024-17503 · Google · Vertex Gemini Api

Name of the Vulnerable Software and Affected Versions: Vertex Gemini API affected versions not specified Description: A security issue exists in the Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests...

resource-agents bug fix update

An update is available for resource-agents. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The resource-agents packages provide the Pacemaker and RGManager...

resource-agents bug fix update

An update is available for resource-agents. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The resource-agents packages provide the Pacemaker and RGManager...