ROS-20250910-03

Vulnerability of Poppler PDF rendering library is related to lack of object threads cleanup PDF when cairodebugresetstaticdata is called. Exploitation of the vulnerability could allow an attacker to gain access to confidential information...

arbor-ai (>=0.1.5 <=0.1.14), coreason-runtime (>=0.1.0 <=0.31.0) +10 more potentially affected by CVE-2025-10164 via sglang (>=0.4.5 <=0.5.2)

sglang PYPI version =0.4.5, =0.1.5, =0.1.0, =1.1.0, =2.0.0b40, =0.0.1, =0.1.0, =0.1.0, =0.0.1.post1, =0.0.0, =0.8.0, =0.10.7 Source cves: CVE-2025-10164 Source advisory: OSV:GHSA-9W53-XR52-MWGJ...

arbor-ai (>=0.1.5 <=0.1.14), coreason-runtime (>=0.1.0 <=0.31.0) +9 more potentially affected by CVE-2025-10164 via sglang (>=0.4.6.post5 <=0.5.2)

sglang PYPI version =0.4.6.post5, =0.1.5, =0.1.0, =1.1.0, =2.0.0b40, =0.0.1, =0.1.0, =0.1.0, =0.0.1.post1, =0.0.0, =0.8.0, =0.10.7 Source cves: CVE-2025-10164 Source advisory: SNYK:PYTHON-SGLANG-12705358...

Widespread npm Supply Chain Attack: Breaking Down Impact & Scope Across Debug, Chalk, and Beyond

A deeper look at the npm debug/chalk supply-chain incident: deobfuscating the wallet-hijacking browser interceptor, quantifying the 2-hour exposure with Wiz telemetry 99% package prevalence, 10% malware presence, and unpacking what made it spread so fast...

PT-2025-36970

Name of the Vulnerable Software and Affected Versions: NVIDIA NVDebug tool affected versions not specified Description: The NVIDIA NVDebug tool contains an issue that may allow an actor to gain access to a privileged account. A successful exploit may lead to code execution, denial of service,...

npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack

Aikido Security flagged the largest npm attack ever recorded, with 18 packages like chalk, debug, and ansi-styles hacked…...

Embedded Malicious Code

Overview debug is a small debugging utility. Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook...

PT-2025-37746

Name of the Vulnerable Software and Affected Versions debug versions 4.4.2 Description The npm publishing account for debug was compromised following a phishing attack on September 8, 2025. Version 4.4.2 was published with a malicious payload designed to redirect cryptocurrency transactions withi...

CVE-2025-9709

On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against Electromagnetic Fault Injection EM-FI in Nordic Semiconductor nRF52810 allow attacker to perform EM Fault Injection and bypass APPROTECT at runtime, requiring the least amount of modification to the...

drm/amdkfd: Destroy KFD debugfs after destroy KFD wq

...

CVE-2025-41063

A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db...

CVE-2025-9517

The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This is due to insufficient sanitization when saving the custom log path. This makes it possible for authenticated attackers, with...

CVE-2025-9518

The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debugpath' parameter in all versions up to, and including, 1.2.22. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete...

CVE-2025-39706

Summary: CVE-2025-39706 affects the Linux kernel's DRM/AMDKFD path. The issue arises when destroying KFD debugfs before kfd_process_destroy_wq, causing a NULL pointer hang due to an attempted remove of /sys/kernel/debug/kfd/proc/ after /sys/kernel/debug/kfd was destroyed. Root cause: proc content...

CVE-2025-9709

CVE-2025-9709 concerns the Nordic Semiconductor nRF52810, where the On-Chip Debug and Test Interface has improper access control and insufficient protection against electromagnetic fault injection (EM-FI). Reports describe that an attacker can perform EM fault injection to bypass the built-in APP...

CVE-2025-9709 NRF52810 Runtime EM Fault Injection APPROTECT Bypass

On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against Electromagnetic Fault Injection EM-FI in Nordic Semiconductor nRF52810 allow attacker to perform EM Fault Injection and bypass APPROTECT at runtime, requiring the least amount of modification to the...

CVE-2025-9709 NRF52810 Runtime EM Fault Injection APPROTECT Bypass

On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against Electromagnetic Fault Injection EM-FI in Nordic Semiconductor nRF52810 allow attacker to perform EM Fault Injection and bypass APPROTECT at runtime, requiring the least amount of modification to the...

Malicious code in kssd-vol4-debug-serial-erlinglingsan-erlinglingwu (npm)

The package kssd-vol4-debug-serial-erlinglingsan-erlinglingwu was found to contain malicious code...

Malicious code in kssd-vol4-debug-serial-erlinglingling-erlinglinger (npm)

The package kssd-vol4-debug-serial-erlinglingling-erlinglinger was found to contain malicious code...

Malicious code in kssd-vol4-debug-app (npm)

The package kssd-vol4-debug-app was found to contain malicious code...