qt6-webengine -- multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 262 security bugs in Chromium: CVE-2025-13223: Type Confusion in V8 CVE-2025-13224: Type Confusion in V8 CVE-2025-13630: Type Confusion in V8 CVE-2025-13632: Inappropriate implementation in DevTools CVE-2025-13634: Inappropriate implementation i...

ROS-20260122-73-0013

A vulnerability in the DevTools component of the Google Chrome browser is related to an unexpected sign extension. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

MiracleLinux 8 : firefox-115.7.0-1.el8_9.ML.1 (AXSA:2024-7500:06)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7500:06 advisory. Mozilla: Out of bounds write in ANGLE CVE-2024-0741 Mozilla: Failure to update user input timestamp CVE-2024-0742 Mozilla: Crash when listing printe...

MiracleLinux 8 : firefox-102.7.0-1.el8.ML.1 (AXSA:2023-4857:04)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4857:04 advisory. Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 Mozilla: Memory...

MiracleLinux 8 : thunderbird-115.7.0-1.el8_9.ML.1 (AXSA:2024-7501:04)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7501:04 advisory. Mozilla: Out of bounds write in ANGLE CVE-2024-0741 Mozilla: Failure to update user input timestamp CVE-2024-0742 Mozilla: Crash when listing printe...

PT-2026-21575

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 145.0.7632.116 Description A flaw exists in Google Chrome's DevTools due to an inappropriate implementation. An attacker could potentially convince a user to install a malicious extension. This would allow the...

EUVD-2025-205792

Malicious code in react-devtools-shared npm...

Malicious code in react-devtools-extensions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c07bb5eb2fa7f96705fece940955413b3976968c5a79e13bdd85ce00ec485e4 The package react-devtools-extensions was found to contain malicious code. Source: ghsa-malware...

Malicious code in react-devtools-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd222e067bee8f9d675a2d56e5e8eb63a00a76038df2d777aae7f5659bf3b0c6 The package react-devtools-shared was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview react-devtools-shared is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview react-devtools-extensions is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

EUVD-2025-205793

Malicious code in react-devtools-extensions npm...

MAL-2025-192971 Malicious code in react-devtools-extensions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c07bb5eb2fa7f96705fece940955413b3976968c5a79e13bdd85ce00ec485e4 The package react-devtools-extensions was found to contain malicious code. Source: ghsa-malware...

MAL-2025-192972 Malicious code in react-devtools-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd222e067bee8f9d675a2d56e5e8eb63a00a76038df2d777aae7f5659bf3b0c6 The package react-devtools-shared was found to contain malicious code. Source: ghsa-malware...

Fedora 43 : cef (2025-6e776254bf)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-6e776254bf advisory. Update to cef-143.0.10+g8aed01b + chromium-143.0.7499.146 rhbz2423482 High CVE-2025-14765: Use after free in WebGPU High CVE-2025-14766: Out of boun...

Fedora 42 : cef (2025-7605ca0d7d)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-7605ca0d7d advisory. Update to cef-143.0.10+g8aed01b + chromium-143.0.7499.146 rhbz2423482 High CVE-2025-14765: Use after free in WebGPU High CVE-2025-14766: Out of boun...

@nocobase/devtools (>=2.0.0-alpha.2 <=2.0.0-alpha.51), @nocobase/server (>=2.0.0-alpha.2 <=2.0.0-alpha.51) +1 more potentially affected by CVE-2025-13877 via @nocobase/auth (>=2.0.0-alpha.10 <=2.0.0-alpha.51)

@nocobase/auth NPM version =2.0.0-alpha.10, =2.0.0-alpha.2, =2.0.0-alpha.2, =2.0.0-alpha.2, =2.0.0-alpha.51 Source cves: CVE-2025-13877 Source advisory: OSV:GHSA-MV7P-34FV-4874...

@nocobase/devtools (>=1.9.0 <=1.9.22), @nocobase/server (>=1.9.0 <=1.9.22) +1 more potentially affected by CVE-2025-13877 via @nocobase/auth (>=1.9.0 <=1.9.22)

@nocobase/auth NPM version =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.9.22 Source cves: CVE-2025-13877 Source advisory: OSV:GHSA-MV7P-34FV-4874...

@nocobase/app (>=1.0.0-alpha.1 <=1.4.0-alpha.20240914095808), @nocobase/cli (>=1.0.0-alpha.1 <=1.4.0-alpha.20240914095808) +3 more potentially affected by CVE-2025-13877 via @nocobase/auth (>=1.0.0-alpha.1 <=1.9.0-beta.17)

@nocobase/auth NPM version =1.0.0-alpha.1, =1.0.0-alpha.1, =1.0.0-alpha.1, =1.0.0-alpha.1, =1.0.0-alpha.1, =1.0.0-alpha.1, =1.9.0-beta.17 Source cves: CVE-2025-13877 Source advisory: SNYK:JS-NOCOBASEAUTH-14287473...

@nocobase/devtools (>=1.9.0 <=1.9.21), @nocobase/server (>=1.9.0 <=1.9.21) +1 more potentially affected by CVE-2025-13877 via @nocobase/auth (>=1.9.0 <=1.9.21)

@nocobase/auth NPM version =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.9.21 Source cves: CVE-2025-13877 Source advisory: SNYK:JS-NOCOBASEAUTH-14287473...