An abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged by threat actors as part of an espionage campaign to deliver several malware families, includin ...
September 02, 2025
org.apache.zeppelin, zeppelin-shell is vulnerable to Missing Origin Validation. The vulnerability is due to lack of origin validation in WebSocket connections, which allows an attacker to access the Z ...
August 22, 2025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x ...
August 21, 2025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old ...
August 21, 2025
Name of the Vulnerable Software and Affected Versions: Komari versions prior to 1.0.4-fix1 Description: Komari is a server monitoring tool. A Cross-Site WebSocket Hijacking (CSWSH) issue exists in the ...
August 21, 2025
Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, WebSocket upgrader has disabled ...
August 20, 2025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. There is a stack consumption vulnerability in the res_http_webso ...
August 20, 2025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. A flaw was found in Undertow. A buffer leak on the incoming WebS ...
August 19, 2025