Lucene search

8653 matches found

OSSF Malicious Packages
added 2025/03/04 9:17 a.m. · 2 views

Malicious code in bitget-dev (npm)

Source: ghsa-malware c98dc8a8cb993a1e93d89d0909e8243bfd607c7a635f098ee3b3c103101cbcbe. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 3
Vulnrichment
added 2025/03/03 3:51 p.m. · 8 views

CVE-2025-27094 Tuleap allows default values to be cleared from field configuration

Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribute for the date field, the size attribute...

5.4 CVSS · 5.6 AI score · 0.00184 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/03/02 5:19 p.m. · 3 views

CVE-2025-24316

The Dario Health Internet-based server infrastructure is vulnerable due to exposure of development environment details, which could lead to unsafe functionality...

6.9 CVSS · 6.8 AI score · 0.00115 EPSS
Exploits 0 · References 1
NVD
added 2025/02/28 5:15 p.m. · 5 views

CVE-2025-24316

The Dario Health Internet-based server infrastructure is vulnerable due to exposure of development environment details, which could lead to unsafe functionality...

6.9 CVSS · 0.00115 EPSS
Exploits 0 · References 2
Cvelist
added 2025/02/28 5:11 p.m. · 10 views

CVE-2025-24316 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Exposure of Sensitive Information Due to Incompatible Policies

The Dario Health Internet-based server infrastructure is vulnerable due to exposure of development environment details, which could lead to unsafe functionality...

6.9 CVSS · 0.00115 EPSS
Exploits 0 · References 2
CVE
added 2025/02/28 5:11 p.m. · 67 views

CVE-2025-24316

CVE-2025-24316 affects the Dario Health Internet-based server infrastructure. The issue is exposure of development environment details, leading to unsafe functionality as described in the CVE entry and corroborated by multiple sources (NVD, Red Hat, CIRCL, PT Security, and CISA ICS advisory). CVS...

6.9 CVSS · 5.3 AI score · 0.00115 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/02/28 12:0 a.m. · 2 views

PT-2025-9117 · Unknown · Dario Health

Name of the Vulnerable Software and Affected Versions: Dario Health (affected versions not specified). Description: The issue concerns the exposure of development environment details in the Dario Health Internet-based server infrastructure, potentially leading to unsafe functionality. Recommendation...

6.9 CVSS · 6.9 AI score · 0.00115 EPSS
Exploits 0 · References 6
CNNVD
added 2025/02/26 12:0 a.m. · 3 views

SunGrow iSolarCloud security vulnerability

SunGrow iSolarCloud is an Android app for new energy power plant management from China's SunGrow. It is used for power plant data collection, monitoring, operation and maintenance, and operation management. A security vulnerability exists in SunGrow iSolarCloud, which stems from an insecure...

9.1 CVSS · 6.7 AI score · 0.00132 EPSS
Exploits 0 · References 3
OSV
added 2025/02/25 9:15 p.m. · 1 views

CVE-2024-27245

Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 1
OSV
added 2025/02/25 9:15 p.m. · 0 views

CVE-2024-27246

Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 1
Spring Engineering
added 2025/02/25 12:0 a.m. · 7 views

This Week in Spring - February 25th, 2025

Hi, Spring fans, and welcome to another rip-roarin' installment of This Week in Spring! Later today I'll board a plane for magnificent Montreal, Canada for the amazing Confoo conference! I'm super excited! Good news everybody! Spring Boot 3.5.0-M2 is now available! In last week's installment of t...

7.2 AI score
Exploits 0
Positive Technologies
added 2025/02/25 12:0 a.m. · 3 views

PT-2025-7919 · Zoom · Zoom Workplace Sdks +1

Name of the Vulnerable Software and Affected Versions: Zoom Workplace Apps and SDKs (affected versions not specified). Description: The issue is related to a use after free condition in some Zoom Workplace Apps and SDKs, which may allow an authenticated user to conduct a denial of service via networ...

4.3 CVSS · 7 AI score · 0.00067 EPSS
Exploits 0 · References 4
Wired Threat Level
added 2025/02/24 4:54 p.m. · 6 views

TVs at HUD Played an AI-Generated Video of Donald Trump Kissing Elon Musk’s Feet

On Monday morning, TV sets at the headquarters of the Department of Housing and Urban Development played the seemingly AI-generated video on loop, along with the words “LONG LIVE THE REAL KING.”...

7.4 AI score
Exploits 0
Metasploit
added 2025/02/20 6:55 p.m. · 505 views

TFTP Fetch, Linux Command Shell, Find Port Inline

Fetch and execute a PPC64 payload from a TFTP server. Spawn a shell on an established connection. Module Options: msf use payload/cmd/linux/tftp/ppc64/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...show...

5.8 AI score
Exploits 0
HackRead
added 2025/02/19 3:1 p.m. · 2 views

INE Security’s Cybersecurity and IT Training Enhances Career Stability in Tech

Cary, North Carolina, 19th February 2025, CyberNewsWire...

7.3 AI score
Exploits 0
OSV
added 2025/02/17 12:0 a.m. · 11 views

ALSA-2025:1582 Moderate: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values (CVE-2025-22150); nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085). For mor...

6.8 CVSS · 5.9 AI score · 0.00605 EPSS
Exploits 0 · References 6
AlmaLinux
added 2025/02/17 12:0 a.m. · 9 views

Moderate: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values (CVE-2025-22150); nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085). For mor...

6.8 CVSS · 6.7 AI score · 0.00605 EPSS
Exploits 0 · References 6
BDU FSTEC
added 2025/02/14 12:0 a.m. · 2 views

The vulnerability of the JWT OmniAuth provider configuration on the software platform based on Git, which allows a hacker to perform XSS attacks during collaborative code development on GitLab.

The vulnerability of the JWT OmniAuth provider configuration on the software platform based on Git, for collaborative code development on GitLab, is related to the exploitation of cross-site requests. Exploiting this vulnerability allows a malicious actor to carry out a Cross-Site Scripting (XSS)...

6.6 CVSS · 0.00025 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2025/02/13 10:15 p.m. · 2 views

CVE-2025-20615

The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. This allows an attacker to log in to production-level development accounts and access an engineering backdoor in the application. The engineering backdoor allows the attacker to send hex-based...

6.6 CVSS · 5.8 AI score · 0.00144 EPSS
Exploits 0 · References 2
OSV
added 2025/02/13 8:34 p.m. · 9 views

RLSA-2025:0426 Moderate: java-21-openjdk security update for Rocky Linux 8.10, 9.4 and 9.5

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: JDK: Enhance array handling (CVE-2025-21502). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

4.8 CVSS · 5.3 AI score · 0.002 EPSS
Exploits 0 · References 1