MAL-2025-78664 Malicious code in hadianto-ronde36-sukiwir (npm)
Source: amazon-inspector (b0d6ea9ad90d549d8200c51d5317e599d4500b94da4ed3584dfe648eab8bd718). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
[SECURITY] Fedora 42 Update: dotnet8.0-8.0.121-1.fc42
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...
PT-2025-46540
Name of the Vulnerable Software and Affected Versions Altair Grid Engine versions prior to 2026.0.0 Description The software does not properly validate environment variables when loading shared libraries, which can allow for path hijacking through malicious library substitution. A local attacker...
Siemens Altair Grid Engine Code Issue Vulnerability
Siemens Altair Grid Engine is a distributed resource management system from Siemens USA. A code issue vulnerability exists in Siemens Altair Grid Engine versions prior to V2026.0.0, which stems from a failure to properly validate environment variables when loading shared libraries, which could le...
Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF007
Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF007 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI Asynchronous Server Gateway...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openjpeg (SUSE-SU-2025:3946-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3946-1 advisory. - CVE-2023-39327: Fixed that malicious files can cause a large loop that continuously prints warning...
GHSA-52C5-VH7F-26FX Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting (XSS) attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values are not, allowing attackers to inject arbitrary JavaScript code. Who is impacted: - Any application using...
Security update for openjpeg
This update for openjpeg fixes the following issues: CVE-2023-39327: Fixed that malicious files can cause a large loop that continuously prints warning messages on the terminal bsc1227410. Other bug fixes: Ensure no bundled libraries are used bsc1250467. Patch Instructions: To install this SUSE...
SUSE-SU-2025:3946-1 Security update for openjpeg
This update for openjpeg fixes the following issues: - CVE-2023-39327: Fixed that malicious files can cause a large loop that continuously prints warning messages on the terminal bsc1227410. Other bug fixes: - Ensure no bundled libraries are used bsc1250467...
Security update for qatengine, qatlib
This update for qatengine, qatlib fixes the following issues: Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities: bsc1233363 CVE-2024-28885 bsc1233365 CVE-2024-31074 bsc1233366 CVE-2024-33617 Update to 1.7.0: ipp-crypto name change to cryptography-primitives QATSW G...
Security Bulletin: IBM Maximo Application Suite uses multiple third party libraries which is vulnerable to multiple CVEs
Summary IBM Maximo Application Suite uses setuptools 76.1.0, urllib3-1.26.20-py2.py3-none-any.whl, cross-spawn v7.0.3, braces v3.0.2, axios-1.11.0.tgz, xmltodict-0.14.2-py2.py3-none-any.whl, WebSphere Application Server Liberty version 25.0.0.8 which is vulnerable to CVE-2025-47273, CVE-2025-5018...
CVE-2025-62776
The installer of WTW EAGLE for Windows 3.0.8.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application...
ROS-20251030-05
Vulnerability of Erlang programming language OTP library set is related to incorrect checking of ZIP archives in the "zip:unzip/1,2" and "zip:extract/1,2" procedures of the Erlang/OTP standard library...
Malicious Package
Overview e-voting-libraries-ui-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Installer of WTW EAGLE (for Windows) may insecurely load Dynamic Link Libraries
Overview The installer of WTW EAGLE for Windows provided by Wireless Tsukamoto Co., Ltd. contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2025-62776 Kazuma Matsumoto of GMO...
PT-2025-44234
Name of the Vulnerable Software and Affected Versions WTW EAGLE for Windows version 3.0.8.0 Description The installer for WTW EAGLE for Windows has a DLL search path issue that could allow for the insecure loading of Dynamic Link Libraries. This could potentially lead to the execution of arbitrar...
01os (>=0.0.1 <=0.0.14), 12factor-configclasses (>=0.2.1 <=0.2.6) +4440 more potentially affected by CVE-2025-62727 via starlette (>=0.10.1 <=0.49.0)
starlette PYPI version =0.10.1, =0.0.1, =0.2.1, =0.1.0, =0.3.6, =0.12.0, =0.4.2, =0.1.10, =0.0.1, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =0.1.9 and more Source cves: CVE-2025-62727 Source advisory: SNYK:PYTHON-STARLETTE-13733964...
anubis-policy-api (>=0.3.0 <=0.6.0), awsdf (=0.1.12) +29 more potentially affected by CVE-2025-61385 via pg8000 (>=1.12.1 <=1.31.4)
pg8000 PYPI version =1.12.1, =0.3.0, =2.0.0, =0.17.1, =0.4.0, =2050.0.0, =0.0.6, =1.0.5, =0.5.2, =0.1.0, =0.0.1, =2.40.0, =1.0.0, =0.2.2, =1.0.1, =1.0.3 and more Source cves: CVE-2025-61385 Source advisory: SNYK:PYTHON-PG8000-13723709...
[SECURITY] Fedora 42 Update: golang-github-facebook-time-0^20251021gite970944-1.fc42
Meta's Time libraries...