Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues

Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. "Our priority is to protect customers and the broader ecosystem...

Cacti < 1.2.25 Insecure Deserialization

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. id: CVE-2023-30534 info: name: Cacti 1.2.25 Insecure Deserialization author: k0pak4 severity: medium description: | Cacti is an open source...

Processwire CMS <2.7.1 - Local File Inclusion

Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php. id: CVE-2020-27467 info: name: Processwire CMS 2.7.1 - Local File Inclusion author: 0xAkoko severity: high description:...

FlatPress 1.2.1 - Stored Cross-Site Scripting

FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can possibly steal cookie-based authentication credentials and launch other attacks. id: CVE-2021-41432 info: name: FlatPress 1.2.1 -...

wisp

Wisp — the open-source Ghost alternative, built in Elixir & Ph...

ROS-20260609-73-0014

The vulnerability of the ngxhttprewritemodule module in NGINX Plus and NGINX Open Source web servers is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

ROS-20260609-73-0012

The vulnerability of the ngxhttpscgimodule and ngxhttpuwsgimodule modules in NGINX Plus and NGINX Open Source web servers is related to uncontrolled memory consumption. Exploiting this vulnerability can allow a malicious actor to perform a “man-in-the-middle” attack remotely...

ROS-20260609-73-0013

The vulnerability of the ngxhttpproxyv2module module in NGINX Open Source web servers is related to a coding error. Exploiting this vulnerability allows an attacker to potentially compromise the integrity of the protected information...

CVE-2026-44541

CVE-2026-44541 affects Fides, an open-source privacy engineering platform. A DOM-based XSS exists in the client-side script fides.js when HTML-formatted descriptions are enabled, reachable from version 2.33.0 up to before 2.84.5. The vulnerability is triggered via the fides_description override, ...

EUVD-2026-35201

Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fidesdescription override. This issue has been patched in version 2.84.5...

Security Bulletin: Langflow OSS affected by vulnerabilies in Axios versions prior to 1.15.0

Summary Langflow OSS affected by vulnerabilies in Axios versions prior to 1.15.0 Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checki...

MAL-2026-5327 Malicious code in @listings/energy-labels (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4df629d1450770515d9dc9346d52b9b728dbaab01bbf64a4bb5c17563dcc6991 The OpenSSF Package Analysis project identified '@listings/energy-labels' @ 99.0.1 npm as malicious. It is considered malicious because: - The...

DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been...

Zitadel - User Registration Bypass

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...

DataEase - Remote Code Execution

DataEase is an open-source business intelligence and data visualization platform. Public advisories state that CVE-2025-49002 is related to a bypass in the previous fix for CVE-2025-32966 involving case-insensitive handling of restricted H2 JDBC keywords. This template is a non-invasive detection...

LaRecipe < 2.8.1 Remote Code Execution via SSTI

LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection SSTI, which could potentially lead to Remote Code Execution RCE in vulnerable configurations. id: CVE-2025-53833 info:...

Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion

Oracle GlassFish Server Open Source Edition 3.0.1 build 22 is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server. id: CVE-2017-1000029 info: name: Oracle GlassFish Server Open Source Edition 3.0.1 - Local File...

[SECURITY] Fedora 44 Update: chromium-149.0.7827.53-1.fc44

Chromium is an open-source web browser, powered by WebKit Blink...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...