5828 matches found
SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
Impact: When a specially crafted packet is received via SslHandler, it doesn't correctly handle validation of such a packet in all cases, which can lead to a native crash. Workarounds: As a workaround, it's possible to either disable the usage of the native SSLEngine or change the code from: SslContext...
Netty Input Validation Error Vulnerability
Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. An input validation error vulnerability exists in Netty versions from 4.1.91.Final up to, but not including, 4.1.118.Final, which stems from...
CVE-2025-0482
A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file /fladmin/userrecoverpwd.php. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed ...
CVE-2025-0501
An issue in the native clients for Amazon WorkSpaces when running PCoIP protocol may allow an attacker to access remote sessions via man-in-the-middle...
CVE-2024-43783
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions =1.21.0 and =1.7.0 and 1.52.1 are impacted by a denial-of-service vulnerability if all of the...
CVE-2024-29031
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the order parameter of...
Security update for libvirt
This update for libvirt fixes the following issues: Security issue fixed: CVE-2024-4418: rpc: ensure temporary GSource is removed from client event loop bsc1223849 Non-security issue fixed: libxl: Fix domxml-to-native conversion bsc1222584 qemu: Fix migration with custom XML bsc1226492 Patch...
SUSE-SU-2025:20012-1 Security update for libvirt
This update for libvirt fixes the following issues: Security issue fixed: - CVE-2024-4418: rpc: ensure temporary GSource is removed from client event loop bsc1223849 Non-security issue fixed: - libxl: Fix domxml-to-native conversion bsc1222584 - qemu: Fix migration with custom XML bsc1226492...
Native Sensors vs. Integrations for XDR Platforms?
Native sensors vs. integrations in XDR: Native sensors offer faster deployment, real-time detection, and deeper visibility, while integrations may add complexity and delays. Learn how to optimize your XDR strategy for improved security...
Malicious code in victory-native-xl-monorepo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9101dd18b0880eb5358d74e5a997f3a532b49825b6a4cb47d96778143a48b4a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-725 Malicious code in victory-native-xl-monorepo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9101dd18b0880eb5358d74e5a997f3a532b49825b6a4cb47d96778143a48b4a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-748 Malicious code in react-native-country-picker-modal-modified (npm)
The package executes harmful command in pre-installation script to send sensitive data to an arbitrary domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 69921c906d4d0ecfa3ba0de532e27f29b18c6be04a563ba99aa0590b1fcc77a8 Any computer that has this package install...
Malicious code in media_kit_native_event_loop (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 08d4f7b68836068f9cc96c2c5db66c0ad1cbc255e21f525e5069885d7aff5e5f Any computer that has this package installed or running should be considered...
Mattermost Mobile Denial of Service Vulnerability
Mattermost Mobile is a mobile application project, developed using the React Native framework, designed to provide a cross-platform iOS and Android client for Mattermost. Mattermost Mobile suffers from a denial of service vulnerability that stems from an inability to properly validate the proto...
Malicious code in react-native-apollo-devtools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 643d99775fbe5d1e11235967329b1d9bfdd5f173b113db79c998b0ea7f2b7b3c The OpenSSF Package Analysis project identified 'react-native-apollo-devtools' @ 1.0.0 npm as malicious. It is considered malicious because: - T...
MAL-2025-137 Malicious code in react-native-apollo-devtools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 643d99775fbe5d1e11235967329b1d9bfdd5f173b113db79c998b0ea7f2b7b3c The OpenSSF Package Analysis project identified 'react-native-apollo-devtools' @ 1.0.0 npm as malicious. It is considered malicious because: - T...
IBM Concert Information Disclosure Vulnerability (CNVD-2025-02548)
IBM Concert is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. An information disclosure vulnerability exists in IBM Concert versions 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3, which stems from a detailed technical...
IBM Concert Input Validation Error Vulnerability (CNVD-2025-02547)
IBM Concert is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. An input validation error vulnerability exists in IBM Concert versions 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3, which stems from incorrect log...
CVE-2025-0490
A vulnerability, which was classified as critical, has been found in Fanli2012 native-php-cms 1.0. This issue affects some unknown processing of the file /fladmin/articledodel.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has be...
CVE-2025-0491
A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. Affected is an unknown function of the file /fladmin/catdodel.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed...