MAL-2025-25482 Malicious code in local-modules-as-global (npm)

The package local-modules-as-global was found to contain malicious code...

MAL-2025-17355 Malicious code in com.unity.modules.imgui (npm)

The package com.unity.modules.imgui was found to contain malicious code...

MAL-2025-9679 Malicious code in @womhla6s/ui-modules-rlpopup (npm)

The package @womhla6s/ui-modules-rlpopup was found to contain malicious code...

MAL-2025-9675 Malicious code in @womhla6s/ui-modules-rlapi (npm)

The package @womhla6s/ui-modules-rlapi was found to contain malicious code...

MAL-2025-7993 Malicious code in @help_center/modules (npm)

The package @helpcenter/modules was found to contain malicious code...

MAL-2025-17226 Malicious code in cmg-web-modules (npm)

The package cmg-web-modules was found to contain malicious code...

MAL-2025-9681 Malicious code in @womhla6s/ui-modules-rlswitch (npm)

The package @womhla6s/ui-modules-rlswitch was found to contain malicious code...

CVE-2025-7353 Rockwell Automation ControlLogix® Ethernet Remote Code Execution Vulnerability

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow...

CVE-2025-7353

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow...

CVE-2025-7353

CVE-2025-7353 affects Rockwell Automation ControlLogix Ethernet Modules via the web-based debugger agent (WDB). The connected PT-2025-33275 entry specifies affected software versions pre-12.001 and explains that connecting to the WDB agent from a specific IP can enable remote attackers to perform...

CVE-2025-7353 Rockwell Automation ControlLogix® Ethernet Remote Code Execution Vulnerability

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow...

CVE-2024-41985

A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application does not expire the session without logout. This could allow an attacker to get unauthorized access if the session is left idle...

CVE-2024-41982

A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application does not have adequate encryption of sensitive information. This could allow an authenticated attacker to gain access of sensitive information...

CVE-2024-41986

A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data...

Rockwell Automation ArmorBlock Series 安全漏洞

Rockwell Automation ArmorBlock Series is a series of secure I/O modules designed for harsh industrial environments from Rockwell Automation, Inc. A security vulnerability exists in the Rockwell Automation ArmorBlock Series that stems from a predictable web server session number increment interval...

Fedora 42 : perl-Authen-SASL (2025-fddaaaf9f0)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-fddaaaf9f0 advisory. 2.1900 Fixed - CVE-2025-40918 Insecure source of randomness, required addition of dependency on Crypt::URandom Changed - Modules Authen::SASL::Perl::CRAMMD5,...

Fedora: Security Advisory (FEDORA-2025-fddaaaf9f0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview checkov is an Infrastructure as code static analysis Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere when cloning external modules from private registries. An attacker can obtain sensitive access keys by...

CVE-2025-8941

A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020. Mitigation Disable the pamnamespace...

app.cash.trifle:common (>=0.2.9 <=0.2.10), app.cash.trifle:jvm (>=0.1.0 <=0.2.10) +893 more potentially affected by CVE-2025-8916 via org.bouncycastle:bcpkix-jdk15to18 (>=1.63 <=1.78.1)

org.bouncycastle:bcpkix-jdk15to18 MAVEN version =1.63, =0.2.9, =0.1.0, =0.2.1, =0.2.0, =1.0.0, =1.0.1, =0.2.0, =0.2.0, =3.5.0.0, =2.6.4, =2.6.4, =2.6.4, =2.6.4, =2.6.4, =0.1.1, =0.1.4.2 and more Source cves: CVE-2025-8916 Source advisory: OSV:GHSA-4CX2-FC23-5WG6...