A researcher hijacked over a dozen Packagist packages, some of which have been installed hundreds of millions of times over their lifetimes. The researcher reached...
A dangerous bug in Cacti, the RRDTool frontend and performance/fault management framework, potentially allowed attackers to run arbitrary PHP commands on the server. Cacti is a popular...
Melis Platform, the open source e-commerce and content management system (CMS), was vulnerable to remote code execution (RCE) via a critical deserialization vulnerability. Tracked as CVE-2022-39297 and with a CVSS score of...
An insecure direct object reference (IDOR) vulnerability in the Squiz Matrix web content management system (CMS) could have enabled attackers to seize admin rights on targeted installations....
QNAP has warned customers today that some of its Network Attached Storage (NAS) devices (with non-default configurations) are vulnerable to attacks that would exploit a three-year-old...
The maintainers of Guzzle, the popular HTTP client for PHP applications, have addressed a high severity vulnerability leading to cross-domain cookie leakage. Drupal, the open source content management...
Yesterday, developers took notice that two hugely popular libraries, the Python package ‘ctx’ and the PHP library ‘PHPass’, had been hijacked, as first reported by BleepingComputer. Both...
The PyPI module ‘ctx’, which is downloaded over 20,000 times a week, has been compromised in a software supply chain attack, with malicious versions stealing the developer’s environment...
A pair of vulnerabilities in the web control panel of IT monitoring system Icinga created a route for even unauthenticated attackers to run arbitrary PHP code and hijack...
UPDATED Attackers could have wreaked havoc on the PHP ecosystem by exploiting a pair of longstanding vulnerabilities that were only recently patched in package manager PEAR, according to security...