
socprime.com

6 curated AppSec resources from socprime.com across 5 topics on appsec.fyi.


Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-08.

Date Added: 2026-06-08
Resource: Red Hat npm Packages Hit by Miasma Credential-Stealing Attack (2026)
Topic: Supply Chain
Excerpt: Red Hat's official npm packages have been compromised by a credential-stealing attack named "Miasma." Attackers injected malicious code into the `loglevel` package, which is a dependency for numerous Red Hat npm packages. This malware aims to steal sensitive information, likely credentials, from developers who use the compromised packages. The extent of the compromise and the specific data targeted are still under investigation. Users of Red Hat's npm packages are advised to exercise caution and monitor their systems for suspicious activity.

Date Added: 2026-05-22
Resource: CVE-2026-9082: Critical Drupal Core SQLi Flaw (2026)
Topic: SQLi
Excerpt: Analysis of CVE-2026-9082 reveals a critical SQL injection vulnerability in Drupal Core affecting PostgreSQL databases. Exploitable by anonymous attackers, this flaw in the database abstraction API allows specially crafted requests to bypass sanitization, leading to information disclosure, privilege escalation, or remote code execution. Remediation involves updating to fixed Drupal versions (e.g., 11.3.10, 10.6.9) or applying best-effort patches for unsupported branches, prioritizing internet-facing sites. The update also includes critical upstream fixes for Symfony and Twig.

Date Added: 2026-05-14
Resource: CVE-2026-42945: Critical NGINX Rewrite Flaw (2026)
Topic: RCE
Excerpt: Writeup detailing CVE-2026-42945, an 18-year-old heap buffer overflow in NGINX's ngx_http_rewrite_module. This critical vulnerability, also known as NGINX Rift, affects NGINX Open Source (0.6.27-1.30.0) and NGINX Plus (R32-R36), enabling denial of service or potential remote code execution via crafted HTTP requests. Exploitation occurs when rewrite directives use unnamed PCRE captures with a replacement string containing a question mark, followed by specific other directives. Mitigation involves upgrading to patched versions or temporarily replacing unnamed captures with named ones.

Date Added: 2026-04-19
Resource: CVE-2025-14174: Apple WebKit Memory Corruption Zero-Day (2026)
Topic: Mobile
Excerpt: Writeup on CVE-2025-14174, a WebKit memory corruption zero-day actively exploited in targeted attacks. This vulnerability, alongside CVE-2025-43529, impacts all Apple devices rendering web content, including Safari and iOS/iPadOS browsers, allowing for arbitrary code execution through malicious web pages. Google also patched a similar out-of-bounds memory access issue in ANGLE. Immediate OS and browser updates are critical mitigation measures, as these exploits highlight the growing risk of browser engine vulnerabilities.

Date Added: 2026-04-10
Resource: CVE-2025-25257: Critical SQLi in Fortinet FortiWeb (2026)
Topic: SQLi
Excerpt: Library of detection rules and threat intelligence for CVE-2025-25257, a critical SQL injection vulnerability in Fortinet FortiWeb. This unauthenticated flaw, rated 9.6 CVSS, allows arbitrary SQL command execution and potential remote code execution via crafted HTTP/HTTPS requests. The library offers curated detection algorithms compatible with SIEM, EDR, and Data Lake formats, mapped to MITRE ATT&CK, and enriched with CTI, attack timelines, and triage recommendations. It also features Uncoder AI for automated IOC conversion and detection rule generation from threat reports.

Date Added: 2025-12-11
Resource: CVE-2025-10573: Ivanti EPM Unauth Stored XSS Fixed (2025)
Topic: XSS
Excerpt: Writeup on CVE-2025-10573 details an unauthenticated stored cross-site scripting vulnerability in Ivanti Endpoint Manager (EPM). An attacker can inject malicious JavaScript via crafted POST requests to `postcgi.exe`, leading to session hijacking when displayed in the management console. The vulnerability, tracked as CVE-2025-10573 with a CVSS score of 9.6, is addressed by Ivanti EPM version 2024 SU4 SR1. The writeup includes an attack narrative and a regression test script using `curl` to demonstrate the exploitation and the expected SIEM alert generation.