Lucene search

7482 matches found

vulnersOsv
added 2025/03/27 6:00 p.m., 6 views

@ekyc_qoobiss/qbs-cid-cmp (>=1.0.5 <=1.5.9), @ekyc_qoobiss/qbs-ect-cmp (>=1.2.0 <=4.8.0) +56 more potentially affected by CVE-2025-27793 via vega-functions (>=5.10.0 <=5.16.0)

vega-functions NPM version =5.10.0, =1.0.5, =1.2.0, =0.0.2, =0.1.2, =0.5.0, =1.0.0, =1.0.7, =0.1.4, =0.6.2, =1.0.1, =2.8.0-canary.140, =2.27.0 and more Source cves: CVE-2025-27793 Source advisory: OSV:GHSA-963H-3V39-3PQF...

CVSS 5.3, AI score 5.9, EPSS 0.00477
Exploits: 0
IBM Security Bulletins
added 2025/03/26 3:41 a.m., 73 views

Security Bulletin: Multiple vulnerabilities found in third-party libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not lim...

CVSS 7.8, AI score 8.3, EPSS 0.46836
Exploits: 11, Affected software: 1
IBM Security Bulletins
added 2025/03/26 2:46 a.m., 46 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, IBM WebSphere Application Server Liberty and various other libraries. Vulnerability Details CVEID:CVE-2022-24839 DESCRIPTION: Sparkle Motion Nokogiri is vulnerable to a denial of...

CVSS 7.5, AI score 8.8, EPSS 0.19653
Exploits: 4, Affected software: 1
Snyk
added 2025/03/24 6:44 p.m., 6 views

Directory Traversal

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Directory Traversal via the Staging Sync Server, which does not sufficiently protect librarySubFolderPath against traversal sequence...

CVSS 8.6, AI score 8, EPSS 0.03854
Exploits: 1, References: 3
Snyk
added 2025/03/24 6:43 p.m., 1 view

Authentication Bypass by Primary Weakness

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness when the Staging Sync Server is enabled which it is not by default. An attacker can gain...

CVSS 9.8, AI score 6.9, EPSS 0.92161
Exploits: 1, References: 2
vulnersOsv
added 2025/03/23 3:30 p.m., 13 views

au.com.turingg:turingg-files (=0.0.1), au.com.turingg:turingg-mimak (=1.0.0) +875 more potentially affected by CVE-2025-27553 via org.apache.commons:commons-vfs2 (>=2.0 <=2.1)

org.apache.commons:commons-vfs2 MAVEN version =2.0, =0.0.4, =1.0.0, =1.0.0, =3.6.1, =3.11.0, =1.0-alpha-1, =1.0-alpha-1, =0.5, =0.5.1 and more Source cves: CVE-2025-27553 Source advisory: SNYK:JAVA-ORGAPACHECOMMONS-9511703...

CVSS 7.5, AI score 6.6, EPSS 0.01277
Exploits: 0
vulnersOsv
added 2025/03/22 6:30 p.m., 6 views

com.aizuda:snail-job-client-common (>=1.0.0 <=1.10.0-beta1), com.aizuda:snail-job-client-job-core (>=1.0.0 <=1.10.0-beta1) +26 more potentially affected by CVE-2025-2622 via com.aizuda:snail-job-common-core (>=1.0.0-beta1 <=1.4.0-beta1-jdk8)

com.aizuda:snail-job-common-core MAVEN version =1.0.0-beta1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.10.0, =1.0.0, =1.0.0, =1.1.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.10.0-beta1 and more Source cves: CVE-2025-2622 Source advisory: SNYK:JAVA-COMAIZUDA-9667344...

CVSS 8.8, AI score 6.5, EPSS 0.0065
Exploits: 1
vulnersOsv
added 2025/03/20 7:42 p.m., 4 views

01os (>=0.0.1 <=0.0.13), aeiva (>=0.8.1 <=0.8.2.6) +199 more potentially affected by CVE-2025-0330 via litellm (>=1.0.0 <=1.65.4.post1)

litellm PYPI version =1.0.0, =0.0.1, =0.8.1, =0.14.1a0, =0.1.0, =0.0.5, =1.1.2, =0.0.4, =0.2.0, =0.1.1, =0.5.0, =0.1.0, =1.0.3, =0.2.10, =0.29.0, =0.59.1, =0.62.9 and more Source cves: CVE-2025-0330 Source advisory: SNYK:PYTHON-LITELLM-9511161...

CVSS 7.5, AI score 7.1, EPSS 0.00523
Exploits: 1
OSV
added 2025/03/19 3:48 p.m., 1 view

GHSA-GM45-Q3V2-6CF8 Fast-JWT Improperly Validates iss Claims

Summary The fast-jwt library does not properly validate the iss claim based on the RFC https://datatracker.ietf.org/doc/html/rfc7519page-9. Details The iss issuer claim validation within the fast-jwt library permits an array of strings as a valid iss value. This design flaw enables a potential...

CVSS 6.5, AI score 6.1, EPSS 0.00519
Exploits: 0, References: 5
The Hacker News
added 2025/03/15 5:55 a.m., 34 views

Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index PyPI repository with bogus libraries masquerading as "time" related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain...

AI score 7.4
Exploits: 0
vulnersOsv
added 2025/03/13 6:30 a.m., 9 views

ai.superstream:kafka-clients (>=3.0.1 <=3.6.1-alpha1), ai.superstream:spring-kafka (>=2.8.4-alpha1 <=3.0.1-alpha1) +1821 more potentially affected by CVE-2020-36843 via net.i2p.crypto:eddsa (>=0.1.0 <=0.3.0)

net.i2p.crypto:eddsa MAVEN version =0.1.0, =3.0.1, =2.8.4-alpha1, =0.0.1-alpha1, =0.0.6, =2.1.2, =2.1.2, =2.2, =1.1.0-dev-3, =1.10.0, =1.10.0, =1.15.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.23.0 and more Source cves: CVE-2020-36843 Source advisory: OSV:GHSA-P53J-G8PW-4W5F...

CVSS 4.3, AI score 6.2, EPSS 0.00133
Exploits: 0
vulnersOsv
added 2025/03/09 3:31 p.m., 6 views

br.com.senior:crm-http-camel-api (>=0.0.2-alpha <=0.0.81-alpha), br.com.senior:novasoft-http-camel-api (>=0.0.3-alpha <=0.0.93-alpha) +3130 more potentially affected by CVE-2025-27636 via org.apache.camel:camel-support (>=3.10.0 <=3.22.3)

org.apache.camel:camel-support MAVEN version =3.10.0, =0.0.2-alpha, =0.0.3-alpha, =0.0.1-alpha, =1.0.0, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =18.4.0, =18.4.0, =24.17.0 - com.approvaltests:approvaltests-util-tests =18.4.0 and more Source...

CVSS 5.6, AI score 7, EPSS 0.79817
Exploits: 3
vulnersOsv
added 2025/03/09 12:43 p.m., 7 views

com.github.camel-tooling:camel-lsp-server (>=1.25.0 <=1.28.0), com.solace.connector.core.io:spring-cloud-stream-binder-camel (=1.0.0) +2123 more potentially affected by CVE-2025-27636 via org.apache.camel:camel-support (>=4.8.0 <=4.8.4)

org.apache.camel:camel-support MAVEN version =4.8.0, =1.25.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =0.0.1, =0.37.0, =0.38.0 and more Source cves: CVE-2025-27636 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-9376919...

CVSS 5.6, AI score 7, EPSS 0.79817
Exploits: 3
The Hacker News
added 2025/03/07 9:51 a.m., 16 views

This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions

Cybersecurity researchers have discovered a malicious Python package on the Python Package Index PyPI repository that's equipped to steal a victim's Ethereum private keys by impersonating popular libraries. The package in question is set-utils, which has received 1,077 downloads to date. It's no...

AI score 7.1
Exploits: 0
OSSF Malicious Packages
added 2025/03/05 1:26 a.m., 4 views

Malicious code in nmp-frontend-libraries (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9320142027c800d4b8427512d6c6c219bc910b204b892be28af3a3849302e649 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0, References: 1
OSV
added 2025/03/05 1:26 a.m., 3 views

MAL-2025-2149 Malicious code in nmp-frontend-libraries (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9320142027c800d4b8427512d6c6c219bc910b204b892be28af3a3849302e649 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0, References: 1
vulnersOsv
added 2025/03/04 12:00 p.m., 4 views

openpgp-ca (>=0.12.0 <=0.12.0-alpha.1), openpgp-ca-lib (>=0.12.0 <=0.13.0-alpha.1) +2 more potentially affected by unknown CVE via openpgp-card-sequoia (>=0.0.10 <=0.1.5)

openpgp-card-sequoia CARGO version =0.0.10, =0.12.0, =0.12.0, =0.1.0, =0.0.1, =0.0.15 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0011...

AI score 5.8
Exploits: 0
Tenable Nessus
added 2025/03/04 12:00 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2013-1665

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote...

CVSS 5, AI score 8.3, EPSS 0.04593
Exploits: 0, References: 2
CNNVD
added 2025/03/04 12:00 a.m., 4 views

Kingsoft WPS Office data forgery vulnerability

Kingsoft WPS Office is a kind of office software from Kingsoft China. It provides document processing functionality. A security vulnerability exists in Kingsoft WPS Office 12.1.0.18276 and prior versions, which stems from improper verification of digital signatures and could lead to the loading o...

CVSS 9.3, AI score 6.8, EPSS 0.00104
Exploits: 0, References: 3
Tenable Nessus
added 2025/03/04 12:00 a.m., 16 views

Linux Distros Unpatched Vulnerability : CVE-2019-13224

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly co...

CVSS 9.8, AI score 7.2, EPSS 0.04047
Exploits: 0, References: 3