Lucene search

28675 matches found

CVE
added 2025/11/25 12:00 a.m., 10 views

CVE-2025-64067

CVE-2025-64067 affects Primakon Pi Portal 1.0.18 APIs where endpoints that return object-specific or filtered data fail to verify that the requester is authorized for the target data. This enables unauthorized access through: (1) Direct ID manipulation/IDOR by altering identifiers like user_id or...

CVSS 5.3, AI score 6.1, EPSS 0.00198
Exploits 0, References 2, Affected software 1
GitLab Advisory Database
added 2025/11/25 12:00 a.m., 6 views

@accordproject/template-engine contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

AI score 7.1
Exploits 0, References 3, Affected software 1
Snyk
added 2025/11/24 11:31 p.m., 3 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

CVSS 9.8, AI score 6.8
Exploits 0, References 2
EUVD
added 2025/11/24 5:04 p.m., 3 views

EUVD-2025-198978

Malicious code in @ensdomains/durin npm...

AI score 6.6
Exploits 0, References 1
vulnersOsv
added 2025/11/24 4:24 p.m., 5 views

@langri-sha/projen-license (>=0.1.0 <=0.3.3), @langri-sha/projen-project (>=0.9.0 <=0.17.0) potentially affected by unknown CVE via license-o-matic (=1.2.0)

license-o-matic NPM version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on license-o-matic and may be impacted: - @langri-sha/projen-license =0.1.0, =0.9.0, =0.17.0 Source cves: unknown CVE Source advisory: SNYK:JS-LICENSEOMATIC-14103652...

AI score 5.5
Exploits 0
Positive Technologies
added 2025/11/24 12:00 a.m., 2 views

PT-2025-47941

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm SubscriberDataManagement API...

AI score 6.8, EPSS 0.00306
Exploits 0, References 6
OSV
added 2025/11/23 11:02 a.m., 2 views

MAL-2025-190622 Malicious code in com.unity.xr.visionos (npm)

Per source details. Source: amazon-inspector cfc5fb97986cf3c32288632dc0df9916994609543b354548885edf9d229dd489. The package com.unity.xr.visionos was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits 0, References 1
RedhatCVE
added 2025/11/22 10:31 p.m., 13 views

CVE-2025-0504

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled could access certain Project Administrator functionalities which should have been inaccessible...

CVSS 5.4, AI score 6.7, EPSS 0.00138
Exploits 0, References 1
GithubExploit
added 2025/11/22 11:48 a.m., 118 views

Epic_POC7

Epi...

AI score 7.1
Exploits 0
RedhatCVE
added 2025/11/22 5:36 a.m., 5 views

CVE-2025-9825

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API...

CVSS 6.5, AI score 6.7, EPSS 0.00303
Exploits 1, References 1
EUVD
added 2025/11/22 12:31 a.m., 3 views

EUVD-2025-198515

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled could access certain Project Administrator functionalities which should have been inaccessible...

CVSS 5.4, AI score 6.2, EPSS 0.00138
Exploits 0, References 2
SUSE CVE
added 2025/11/22 12:25 a.m., 3 views

SUSE CVE-2025-12120

Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...

CVSS 7.3, AI score 7.9, EPSS 0.00319
Exploits 1, References 3
NVD
added 2025/11/21 10:16 p.m., 4 views

CVE-2025-0504

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled could access certain Project Administrator functionalities which should have been inaccessible...

CVSS 5.4, EPSS 0.00138
Exploits 0, References 1
CVE
added 2025/11/21 9:30 p.m., 13 views

CVE-2025-0504

CVE-2025-0504 affects Black Duck SCA versions prior to 2025.10.0. The root cause is an overly broad configuration of user role permissions: a scoped Project Manager with Global User Read access could access Project Administrator functionalities that should be inaccessible. Consequence: potential ...

CVSS 5.4, AI score 6.3, EPSS 0.00138
Exploits 0, References 1
Cvelist
added 2025/11/21 9:30 p.m., 7 views

CVE-2025-0504 Black Duck SCA Project Privilege Escalation

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled could access certain Project Administrator functionalities which should have been inaccessible...

CVSS 5.4, EPSS 0.00138
Exploits 0, References 1
Vulnrichment
added 2025/11/21 9:30 p.m., 10 views

CVE-2025-0504 Black Duck SCA Project Privilege Escalation

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled could access certain Project Administrator functionalities which should have been inaccessible...

CVSS 5.4, AI score 6.3, EPSS 0.00138
Exploits 0, References 1
Veracode
added 2025/11/21 11:08 a.m., 5 views

Information Disclosure

lxd is vulnerable to Information Disclosure. The vulnerability is due to improper validation in the image export API, where crafted requests using wildcard fingerprints allow unauthenticated network attackers to probe and determine whether projects exist...

CVSS 6.9, AI score 7, EPSS 0.00318
Exploits 1, References 2, Affected software 1
OSV
added 2025/11/21 5:33 a.m., 5 views

CVE-2025-9825 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API...

CVSS 5, AI score 6.6, EPSS 0.00303
Exploits 1, References 6
RedhatCVE
added 2025/11/21 3:17 a.m., 9 views

CVE-2025-13449

A vulnerability was found in code-projects Online Shop Project 1.0. This issue affects some unknown processing of the file /login.php. Manipulation of the argument Password results in SQL injection. The attack may be performed remotely. The exploit has been made public and could be used...

CVSS 9.8, AI score 6.8, EPSS 0.00351
Exploits 1, References 1
Positive Technologies
added 2025/11/21 12:00 a.m., 3 views

PT-2025-47803

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled could access certain Project Administrator functionalities which should have been inaccessible...

CVSS 5.4, AI score 6.7, EPSS 0.00138
Exploits 0, References 2