pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode
pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
EUVD-2025-175930
Malicious code in toml-csrf-quark-geodynamo npm...
EUVD-2025-178902
Malicious code in final-scale-static-yaml-debug npm...
EUVD-2025-175775
Malicious code in uranology-less-markdown-pdf-eclipse npm...
CVE-2025-60686
ToToLink routers (A720R V4.1.5cu.614_B20230630; LR1200GB V9.1.0u.6619_B20230130; NR1800X V9.1.0u.6681_B20230703) contain a local stack-based buffer overflow in infostat.cgi and cstecgi.cgi. Both binaries parse /proc/net/arp using sscanf() with the %s specifier into fixed-size stack buffers withou...
MAL-2025-184575 Malicious code in odasv-kinu-bobac (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8344e78f61193872306260e62e6648fabc0b82ca4615dd652d88424e0595c75f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-61842
Format Plugins versions 1.1.1 and earlier are affected by a Use After Free vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious...
CVE-2025-61837
Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-61840
Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim...
CVE-2025-61838
Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-61839
Format Plugins versions 1.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...
CVE-2025-61844
Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim...
CVE-2025-61841
Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive memory information. Exploitation of this issue requires user interaction in that a victim must open a...
EUVD-2025-120002
Malicious code in format-fns npm...
Malicious code in format-fns (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 526920f308cc3493a6a3bc9f9e6c7869e0d79392a5ad4c3d20853f93c1be3347 The package format-fns was found to contain malicious code. Source: ghsa-malware a2305cdbb291326c8e91c15e88648a66dff9f0cdcee605ff604ec85ef226b91a Any...
Malicious Package
Overview format-fns is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
MAL-2025-149903 Malicious code in format-fns (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 526920f308cc3493a6a3bc9f9e6c7869e0d79392a5ad4c3d20853f93c1be3347 The package format-fns was found to contain malicious code. Source: ghsa-malware a2305cdbb291326c8e91c15e88648a66dff9f0cdcee605ff604ec85ef226b91a Any...
EUVD-2025-116520
Malicious code in ariel-cluster-yaml-vega npm...
Malicious code in rollup-plugin-style-loader-fornax-mdx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c6f50a3b799ed48afece1f3c0ca47c28c205b07ca81e8376485774124ef1ed5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in flare-markdown-nuxtjs-bootstrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bad6874c7e2400099e1265a13d17d1878923c6efc8c4f2ab254726f668d03798 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...