EUVD-2025-177013

Malicious code in promise-meta-node-orchestrate-proxy npm...

EUVD-2025-179373

Malicious code in decrypt-info-meta-table-big npm...

Information Disclosure

github.com/rancher/rancher is vulnerable to Information Disclosure. The vulnerability is due to improper handling of Impersonate-Extra- headers, which are sent to external entities via the /meta/proxy endpoint, allowing an attacker to access identifiable or sensitive information such as email...

Malicious code in nurul-sambel40-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e1782c5b256bcd0bd35dfcfd9d2666a33791fa5a5612bea58414c7a25e55a89 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-12010 Authors List <= 2.0.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Limited Method Call in Plugin's Shortcode

The Authors List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.6.1 via the via arbitrary method call from AuthorsListShortcode class. This makes it possible for authenticated attackers, with Contributor-level access and above, to ca...

CVE-2025-64442

HumHub is an Open Source Enterprise Social Network. Versions below 1.17.4 have a XSS vulnerability in the Meta-Search feature which allows malicious input to be executed in search previews. This issue is fixed in version 1.17.4...

CVE-2025-64442

HumHub is an Open Source Enterprise Social Network. Versions below 1.17.4 have a XSS vulnerability in the Meta-Search feature which allows malicious input to be executed in search previews. This issue is fixed in version 1.17.4...

CVE-2025-64442 HumHub is vulnerable to XSS through its Meta Search component

HumHub is an Open Source Enterprise Social Network. Versions below 1.17.4 have a XSS vulnerability in the Meta-Search feature which allows malicious input to be executed in search previews. This issue is fixed in version 1.17.4...

CVE-2025-64442 HumHub is vulnerable to XSS through its Meta Search component

HumHub is an Open Source Enterprise Social Network. Versions below 1.17.4 have a XSS vulnerability in the Meta-Search feature which allows malicious input to be executed in search previews. This issue is fixed in version 1.17.4...

EUVD-2025-38326

HumHub is an Open Source Enterprise Social Network. Versions below 1.17.4 have a XSS vulnerability in the Meta-Search feature which allows malicious input to be executed in search previews. This issue is fixed in version 1.17.4...

CVE-2025-64442 HumHub is vulnerable to XSS through its Meta Search component

HumHub is an Open Source Enterprise Social Network. Versions below 1.17.4 have a XSS vulnerability in the Meta-Search feature which allows malicious input to be executed in search previews. This issue is fixed in version 1.17.4...

CVE-2025-64442

HumHub (Open Source Enterprise Social Network) versions before 1.17.4 are affected by a cross-site scripting (XSS) vulnerability in the Meta-Search feature, allowing malicious input to execute in search previews. The issue is fixed in version 1.17.4. Impact is consistent with XSS (information dis...

HumHub 跨站脚本漏洞

HumHub is the HumHub open source suite of open source social networking software written on the Yii PHP framework. A cross-site scripting vulnerability exists in HumHub versions prior to 1.17.4, which stems from a cross-site scripting vulnerability in the Meta-Search functionality that could caus...

Scam Ads Are Flooding Social Media. These Former Meta Staffers Have a Plan

Rob Leathern and Rob Goldman, who both worked at Meta, are launching a new nonprofit that aims to bring transparency to an increasingly opaque, scam-filled social media ecosystem...

[SECURITY] Fedora 42 Update: qt5-5.15.18-1.fc42

Qt5 meta package...

Meta-Learning Based Radio Frequency Fingerprinting for GNSS Spoofing Detection

The rapid development of technology has led to an increase in the number of devices that rely on position, velocity, and time PVT information to perform their functions. As such, the Global Navigation Satellite Systems GNSS have been adopted as one of the most promising solutions to provide PVT...

Relative Path Traversal

Apache Tomcat is vulnerable to Path Traversal. The vulnerability is due to the rewritten URL being normalized before it was decoded. This allows an attackers to manipulate the request URI and, if PUT is enabled, upload malicious files to bypass security constraints protecting /WEB-INF/ and...

[SECURITY] Fedora 42 Update: qt6-6.9.3-1.fc42

Qt6 meta package...

CVE-2025-62928

Missing Authorization vulnerability in Joby Joseph SEO Meta Description Updater seo-meta-description-updater allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Meta Description Updater: from n/a through = 1.2.0...

Relative Path Traversal

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Relative Path Traversal via the URL normalization. An attacker can bypass security constraints and access restricted directories suc...