17 matches found

OSSF Malicious Packages
added 2026/05/28 12:0 a.m. | 8 views

Malicious code in @cloudplatform-single-spa/vcenter-virtual-machines (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8 AI score
Exploits 0 | References 1

NVD
added 2026/05/06 7:16 p.m. | 2 views

CVE-2026-7903

Integer overflow in ANGLE in Google Chrome on Mac, Windows prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8 CVSS | 0.00068 EPSS
Exploits 0 | References 2

Fedora
added 2026/03/31 12:54 a.m. | 2 views

[SECURITY] Fedora 43 Update: dotnet8.0-8.0.125-1.fc43

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

7.5 CVSS | 5.7 AI score | 0.03634 EPSS
Exploits 0

Github Security Blog
added 2026/01/28 3:49 p.m. | 8 views

TaskWeaver has Protection Mechanism Failure and Server-Side Request Forgery (SSRF)

Summary: This vulnerability allows a user to escape the container network isolation and access the host’s local services 127.0.0.1 bound on the host. The vulnerability is applicable only on the MacOS and Windows environments while using Docker Desktop, Containerd on Lima VM, or Podman. Details...

6.1 AI score
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2025/10/16 2:0 p.m. | 2 views

CVE-2025-53950

An Exposure of Private Personal Information 'Privacy Violation' vulnerability CWE-359 in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1. through 11.1.2 and 11.0.1 and 10.5.1 and...

5.5 CVSS | 6.3 AI score | 0.00015 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-5467

Malware in sbrugna...

6.5 CVSS | 6.6 AI score | 0.01152 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-22032

Malware in sbrugna...

6.8 CVSS | 6 AI score | 0.00058 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-52724

Malicious code in bioql PyPI...

5.5 CVSS | 4.4 AI score | 0.00169 EPSS
Exploits 0 | References 1

CVE
added 2025/05/14 6:9 p.m. | 44 views

CVE-2025-4641

CVE-2025-4641 affects bonigarcia WebDriverManager (WebDriverManager.java) and is caused by improper restriction of XML External Entity references in XML parsing components. Affected versions are 1.0.0 through before 6.0.2 (per CVE description); remediation in public advisories ranges from upgradi...

9.3 CVSS | 6.6 AI score | 0.00508 EPSS
Exploits 0 | References 1

OSV
added 2025/03/15 11:1 a.m. | 5 views

OPENSUSE-SU-2025:0091-1 Security update for restic

This update for restic fixes the following issues: - Fixed CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 boo1239264 - Update to version 0.17.3 - Fix 4971: Fix unusable mount on macOS Sonoma - Fix 5003: Fix metadata errors during...

7.5 CVSS | 8 AI score | 0.00125 EPSS
Exploits 0 | References 3

OSV
added 2024/03/23 10:15 p.m. | 0 views

CVE-2024-23755

ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode...

8.8 CVSS | 5.8 AI score | 0.0167 EPSS
Exploits 0 | References 4

OSV
added 2023/10/04 8:15 p.m. | 1 views

CVE-2023-44209

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 29051, Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186...

7.8 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits 0 | References 1

CNNVD
added 2023/06/15 12:0 a.m. | 0 views

Microsoft ODBC Driver security vulnerability

Microsoft ODBC Driver is a driver from Microsoft. It allows applications to access data in a database management system DBMS using SQL as the standard for accessing data. A security vulnerability exists in Microsoft ODBC Driver that originates from allowing remote code execution and affects the...

7.8 CVSS | 8.2 AI score | 0.0122 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2023/04/11 12:0 a.m. | 35 views

Mozilla Firefox < 112.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 112.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-13 advisory. - Mozilla developers Randell Jesup, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported...

9.8 CVSS | 7.9 AI score | 0.00569 EPSS
Exploits 0 | References 23

Kitploit
added 2021/07/30 12:30 p.m. | 845 views

Rtl_433 - Program To Decode Radio Transmissions From Devices On The ISM Bands (And Other Frequencies)

rtl_433 (despite the name) is a generic data receiver, mainly for the 433.92 MHz, 868 MHz SRD, 315 MHz, 345 MHz, and 915 MHz ISM bands. The official source code is in the https://github.com/merbanan/rtl_433/ repository. For more documentation and related projects see the https://triq.org/ site. It...

7.5 AI score
Exploits 0 | References 7

OSV
added 2021/05/17 5:15 p.m. | 12 views

CVE-2021-33041

vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstrated by Electron remote code execution via require('child_process').execSync('calc.exe') on Windows and a similar attack on macOS...

6.1 CVSS | 7.8 AI score
Exploits 0 | References 1

UbuntuCve
added 2017/04/25 3:59 a.m. | 19 views

CVE-2017-5049

An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer...

8.8 CVSS | 7.2 AI score | 0.0031 EPSS
Exploits 0 | References 3