MAL-2025-46177 Malicious code in superposition-volcanology-meteor-native (npm)

The package superposition-volcanology-meteor-native was found to contain malicious code...

MAL-2025-45231 Malicious code in mongoose-helmet-procyon-native (npm)

The package mongoose-helmet-procyon-native was found to contain malicious code...

MAL-2025-43539 Malicious code in auriga-spectron-webdriver-nuxtjs-native (npm)

The package auriga-spectron-webdriver-nuxtjs-native was found to contain malicious code...

MAL-2025-43612 Malicious code in betelgeuse-eslint-config-markdown-pdf-native (npm)

The package betelgeuse-eslint-config-markdown-pdf-native was found to contain malicious code...

MAL-2025-43451 Malicious code in antares-native-ablation-soap (npm)

The package antares-native-ablation-soap was found to contain malicious code...

Malicious code in optional-native-module (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb3a52068ea70ee162c5956b77baeabb8d46582ae8c096ce97fc7ba4fb7ef37a Any computer that has this package installed or running should be considered...

MAL-2025-45475 Malicious code in optional-native-module (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb3a52068ea70ee162c5956b77baeabb8d46582ae8c096ce97fc7ba4fb7ef37a Any computer that has this package installed or running should be considered...

WordPress plugin MaxCoach 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

Domain Name Validation Bypass with Apple Native Certificate Validation

...

Why XSS still matters: MSRC’s perspective on a 25-year-old threat

Cross-Site Scripting XSS has been a known vulnerability class for two decades, yet it continues to surface in modern applications, including those built with the latest frameworks and cloud-native architectures. At Microsoft, we still receive a steady stream of XSS reports across our services, fr...

MGASA-2025-0223 Updated tomcat packages fix vulnerabilities

APR/Native Connector crash leading to DoS. CVE-2025-52434 DoS via integer overflow in multipart file upload. CVE-2025-52520 DoS via excessive h2 streams at connection start. CVE-2025-53506 H2 DoS - Made You Reset. CVE-2025-48989...

Updated tomcat packages fix vulnerabilities

APR/Native Connector crash leading to DoS. CVE-2025-52434 DoS via integer overflow in multipart file upload. CVE-2025-52520 DoS via excessive h2 streams at connection start. CVE-2025-53506 H2 DoS - Made You Reset. CVE-2025-48989...

Linux Distros Unpatched Vulnerability : CVE-2023-36808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory...

Malicious code in react-native-wm-weighingscale (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f52e44adf41110a245bb349fd32b3d12061d0548434843d6b2ee7c68e02f836 Any computer that has this package installed or running should be considered...

MAL-2025-45767 Malicious code in react-native-wm-weighingscale (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f52e44adf41110a245bb349fd32b3d12061d0548434843d6b2ee7c68e02f836 Any computer that has this package installed or running should be considered...

Malicious code in react-native-wm-utils (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 790e08de4e57c51f573e613b7cdd780343c4f14a00aadaff30e05fca9cb69f8b Any computer that has this package installed or running should be considered...

MAL-2025-45766 Malicious code in react-native-wm-utils (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 790e08de4e57c51f573e613b7cdd780343c4f14a00aadaff30e05fca9cb69f8b Any computer that has this package installed or running should be considered...

Malicious code in react-native-wm-barcode (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d41cd8af4fc659204e641358eda189dac7d136a2918f8cec5c945431ced9a512 Any computer that has this package installed or running should be considered...

MAL-2025-45765 Malicious code in react-native-wm-barcode (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d41cd8af4fc659204e641358eda189dac7d136a2918f8cec5c945431ced9a512 Any computer that has this package installed or running should be considered...

Malicious code in react-native-httpapi (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 872a61b5247749d233711d5fe71d6da937fd301c6cfe4317b41b6f69f4566000 Any computer that has this package installed or running should be considered...