MAL-2025-143314 Malicious code in hermes-development-browserify-framework (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 603d2d8cb661d4bfb2a2f0cae3ab47d384a2ec9b7bd2980e68a0ee846b0d175c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141625 Malicious code in development-mui-avior-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 847441eefbf7f87609313b98589bff9e11ed701a7d8cef315a07e5b6dc2f7cb0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

PT-2025-46671

Name of the Vulnerable Software and Affected Versions CentralSquare Community Development version 19.5.7 Description A SQL Injection issue exists in CentralSquare Community Development 19.5.7. Attackers can inject SQL code through the permit no field. Recommendations Update to a newer version tha...

CVE-2025-64280

A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permitno field...

CVE-2025-64281

An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials...

CVE-2025-59491

Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields...

CentralSquare Community Development 安全漏洞

CentralSquare Community Development is a public affairs department software system for local governments from CentralSquare USA. A security vulnerability exists in CentralSquare Community Development version 19.5.7 that originates from cross-site scripting in form fields...

CVE-2025-59491

Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields...

CentralSquare Community Development 安全漏洞

CentralSquare Community Development is a public affairs department software system for local governments from CentralSquare USA. A security vulnerability exists in CentralSquare Community Development version 19.5.7, which stems from an authentication bypass that could result in unauthorized acces...

CVE-2025-64280

CVE-2025-64280 affects CentralSquare Community Development 19.5.7. The vulnerability is a SQL injection through the permit_no field caused by unfiltered input in the application, with CVSS v3.1 base score 9.8 (CRITICAL). The impact targets confidentiality, integrity, and availability. No exploita...

CentralSquare Community Development 安全漏洞

CentralSquare Community Development is a public affairs department software system for local governments from CentralSquare USA. A security vulnerability exists in CentralSquare Community Development version 19.5.7 that stems from unfiltered input in the permitno field, which could lead to an SQL...

CVE-2025-64281

CVE-2025-64281 describes an authentication bypass in CentralSquare Community Development version 19.5.7 that allows attackers to access the admin panel without admin credentials. The connected sources confirm the affected product and version, the issue is labeled as a high-impact vulnerability (C...

PT-2025-46668

Name of the Vulnerable Software and Affected Versions CentralSquare Community Development version 19.5.7 Description A Cross Site Scripting issue exists in CentralSquare Community Development. The issue is present in form fields, potentially allowing for malicious script injection. Recommendation...

CVE-2025-64280

A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permitno field...

EUVD-2025-93390

Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue requires user interaction in that a victim must install...

Malicious code in mjtagb-devapp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b567fe4fc4cda6d3126ad6ab4f7c81bdd872b51e52164c1eaeb33f9a175f2276 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-67673

Malicious code in putra-martabak47-apidev npm...

PT-2025-46518

Name of the Vulnerable Software and Affected Versions Adobe Pass versions 3.7.3 and earlier Description An Incorrect Authorization issue exists in Adobe Pass. An attacker could bypass security measures and gain unauthorized read and write access. Exploitation requires user interaction, specifical...

Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2025-1261)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1261 advisory. Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file CVE-2025-5601 Tenable has extracted the preceding descripti...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-1282)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1282 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption CVE-2025-40019 Tenable has extracted the preceding description blo...