5610 matches found
MAL-2025-38450 Malicious code in virgo-got-sass-loader-spica (npm)
The package virgo-got-sass-loader-spica was found to contain malicious code...
MAL-2025-19482 Malicious code in elektra-grus-cassini-postcss-loader (npm)
The package elektra-grus-cassini-postcss-loader was found to contain malicious code...
MAL-2025-38782 Malicious code in warp-postcss-loader-jest-cosmicsilence (npm)
The package warp-postcss-loader-jest-cosmicsilence was found to contain malicious code...
CVE-2025-23304
NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering...
CVE-2025-23304
NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering...
CVE-2025-23304
CVE-2025-23304 affects the NVIDIA NeMo library (model loading component). The vulnerability arises from loading .nemo files with maliciously crafted metadata, enabling code injection that may lead to remote code execution and data tampering. Affected: NVIDIA NeMo library (model loading). Exploita...
Linux Distros Unpatched Vulnerability : CVE-2025-3549
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function...
Linux Distros Unpatched Vulnerability : CVE-2016-4972
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient...
CVE-2025-55008
The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by...
CVE-2025-55009
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...
Information Exposure
Overview @workos-inc/authkit-react-router is an Authentication and session helpers for using WorkOS & AuthKit with React Router 7+ Affected versions of this package are vulnerable to Information Exposure via the accessToken and sealedSession parameters in the authkitLoader function. An attacker c...
CVE-2025-55008
CVE-2025-55008 affects the AuthKit React Router library for React Router 7+. In versions ≤ 0.6.1, the package exposes sensitive authentication artifacts — specifically sealedSession and accessToken — by returning them from the authkitLoader , causing them to be rendered into browser HTML (informa...
CVE-2025-55009
CVE-2025-55009 affects the AuthKit Remix package @workos-inc/authkit-remix. Versions ≤ 0.14.1 expose sensitive artifacts (sealedSession and accessToken) via the authkitLoader, causing them to be rendered into browser HTML. This creates information exposure and potential session/API access risk, a...
CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...
CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...
CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...
Linux Distros Unpatched Vulnerability : CVE-2025-6556
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML...
The AuthKit React Router Library rendered sensitive auth data in HTML
In versions before 0.7.0, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by returning them from the authkitLoader. This caused them to be rendered into the browser HTML. Impact This information disclosure could lead to...
ExecuTorch integer overflow vulnerability
An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73...
Linux Distros Unpatched Vulnerability : CVE-2022-49949
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Fix memory leak in firmware upload In the case of firmware-upload, an instan...