CVE-2025-12998 Broken Authentication in extension “Modules” (modules)

Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules.This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5...

TYPO3 Extension Modules 安全漏洞

TYPO3 Extension Modules is an extension module in the TYPO3 open source content management system. A security vulnerability exists in TYPO3 Extension Modules that stems from improper authentication. The following versions are affected: versions prior to 4.3.11, versions 5.0.0 through 5.7.4,...

PT-2025-46649

Name of the Vulnerable Software and Affected Versions TYPO3 Extension "Modules" versions prior to 4.3.11 TYPO3 Extension "Modules" versions 5.0.0 through 5.7.3 TYPO3 Extension "Modules" versions 6.0.0 through 6.4.1 TYPO3 Extension "Modules" versions 7.0.0 through 7.5.4 Description An improper...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990877)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990877 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: Require FMODEWRITE for atomic write ioctls The F2FS ioctls for starting and committing atom...

MAL-2025-127356 Malicious code in indah-gado-gado23-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dab1c6ef4491519538c028903a9a26c1603398af1ae3eec5bc79360844d89298 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Important: Red Hat Security Advisory: pam security update

An update for pam is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Lite XL Arbitrary Code Execution via Project Module and Legacy system.exec Function

Overview Lite XL is a lightweight text editor derived from the lite project, written primarily in Lua and C. It supports Windows, Linux, and macOS, and is designed for extensibility through plugins and project‑specific modules. Description Two vulnerabilities were identified Lite XL: CVE-2025-121...

ALSA-2025:20181 Important: pam security update

Pluggable Authentication Modules PAM provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fixes: linux-pam: Linux-pam directory Traversal CVE-2025-6020 For more details about the security issues, including the impact, a CVSS...

RHEL 10 : pam (RHSA-2025:20181)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20181 advisory. Pluggable Authentication Modules PAM provide a system to set up authentication policies without the need to recompile programs to handle...

CVE-2025-64490

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 allow a low-privileged user with a restrictive role to view and create work items through the Resource Calendar and project screens, even...

CVE-2025-64490 SuiteCRM's Inconsistent RBAC Enforcement Enables Access Control Bypass

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 allow a low-privileged user with a restrictive role to view and create work items through the Resource Calendar and project screens, even...

CVE-2025-64490 SuiteCRM's Inconsistent RBAC Enforcement Enables Access Control Bypass

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 allow a low-privileged user with a restrictive role to view and create work items through the Resource Calendar and project screens, even...

OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses

Impact Unauthenticated denial of service. Summary When installing module packages from attacker-controlled sources, tofu init may use unbounded memory, cause high CPU usage, or crash when encountering maliciously-crafted TLS certificate chains or tar archives. Those who depend on modules or...

GHSA-W2JF-268Q-MRVH OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses

Impact Unauthenticated denial of service. Summary When installing module packages from attacker-controlled sources, tofu init may use unbounded memory, cause high CPU usage, or crash when encountering maliciously-crafted TLS certificate chains or tar archives. Those who depend on modules or...

[SECURITY] Fedora 42 Update: dtkcore-5.7.7-4.fc42

Deepin tool kit core modules...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990049)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990049 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Build event generation tests only as modules The kprobes and synth event generation test...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990357)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990357 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Build event generation tests only as modules The kprobes and synth event generation test...

EUVD-2025-36759

Malicious code in transform-es2015-modules-commonjs npm...

Malicious code in transform-es2015-modules-commonjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b2ad9d3d189297373f163d4e6bba02fc712b67f335bc6a6bab2ebfcf16cba487 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-49047 Malicious code in transform-es2015-modules-commonjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b2ad9d3d189297373f163d4e6bba02fc712b67f335bc6a6bab2ebfcf16cba487 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...