28719 matches found

OSSF Malicious Packages
added 2025/08/28 7:43 a.m., 3 views

Malicious code in verizon-media-open-source-project-portal (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0

OSV
added 2025/08/28 7:43 a.m., 1 view

MAL-2025-41612 Malicious code in verizon-media-open-source-project-portal (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0

CNVD
added 2025/08/28 12:0 a.m., 2 views

libbiosig stack buffer overflow vulnerability (CNVD-2025-20240)

libbiosig is an open source software library for biomedical signal processing from the BioSig Project, with biological signal analysis functions. libbiosig has a stack buffer overflow vulnerability that can be exploited by an attacker to cause execution of arbitrary code...

9.8 CVSS, 7.7 AI score, 0.00636 EPSS
Exploits 1, References 1

CNNVD
added 2025/08/28 12:0 a.m., 1 view

WordPress plugin Zephyr Project Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

7.1 CVSS, 6.5 AI score, 0.00203 EPSS
Exploits 0, References 2

CNVD
added 2025/08/28 12:0 a.m., 4 views

libbiosig stack buffer overflow vulnerability (CNVD-2025-20246)

libbiosig is an open source software library for biomedical signal processing from the BioSig Project, with biological signal analysis functions. libbiosig has a stack buffer overflow vulnerability that can be exploited by an attacker to cause execution of arbitrary code...

9.8 CVSS, 7.7 AI score, 0.00659 EPSS
Exploits 1, References 1

Positive Technologies
added 2025/08/28 12:0 a.m., 5 views

PT-2025-35115

Name of the Vulnerable Software and Affected Versions: JetBrains Junie versions 243.284.50 through 252.284.66
Description: An information disclosure issue exists in the search project function.
Recommendations: Update JetBrains Junie to a version after 252.284.66...

7.5 CVSS, 5.7 AI score, 0.00204 EPSS
Exploits 0, References 7

Packet Storm
added 2025/08/28 12:0 a.m., 325 views

Coolify 4.0.0-beta.420.6 Command Injection

Coolify versions prior to and including v4.0.0-beta.420.6 are vulnerable to a critical remote code execution flaw in the project deployment workflow. The platform allows authenticated users, with low-level privileges, to inject arbitrary shell commands via the Git Repository URL field during...

9.4 CVSS, 8.9 AI score, 0.03691 EPSS
Exploits 3

OSSF Malicious Packages
added 2025/08/27 11:12 p.m., 3 views

Malicious code in @nx/eslint (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 28938ac9b6855425f3f452af308a0335a4dc5eb1c23ba08865c5cc5be914783e The nx project and associated plugins were compromised via a vulnerable GitHub workflow that allowed code injection and the theft of an NP...

7.5 AI score
Exploits 0, References 2

OSV
added 2025/08/27 11:12 p.m., 5 views

MAL-2025-41441 Malicious code in @nx/node (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 2af988f9c4fc2229b1c898c346bb959612eb11fe9a5065e686c47328bee221e0 The nx project and associated plugins were compromised via a vulnerable GitHub workflow that allowed code injection and the theft of an NP...

9.6 CVSS, 7.6 AI score, 0.00527 EPSS
Exploits 0, References 2

OSV
added 2025/08/27 11:12 p.m., 3 views

MAL-2025-41440 Malicious code in @nx/key (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a77d672a4263588b96bbf3fbf8ddbd4e1e7b6ee0bccd619a447bf9e301883b3 The package @nx/[email protected] is published under the @nx scope and ships a heavily obfuscated JavaScript file native.js using hex-mangled identifiers...

9.6 CVSS, 5.9 AI score, 0.00527 EPSS
Exploits 0, References 3

OSV
added 2025/08/27 5:20 p.m., 3 views

DRUPAL-CONTRIB-2025-104

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

5.3 CVSS, 6.6 AI score, 0.00229 EPSS
Exploits 0, References 1

OSV
added 2025/08/27 5:20 p.m., 3 views

DRUPAL-CONTRIB-2025-103

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

5.3 CVSS, 6.6 AI score, 0.00229 EPSS
Exploits 0, References 1

OSV
added 2025/08/27 5:20 p.m., 2 views

DRUPAL-CONTRIB-2025-102

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

5.3 CVSS, 6.6 AI score, 0.00229 EPSS
Exploits 0, References 1

NVD
added 2025/08/27 5:15 p.m., 3 views

CVE-2025-34161

Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution vulnerability in the project deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary shell commands via the Git Repository field during project creatio...

9.4 CVSS, 0.03691 EPSS
Exploits 3, References 3

OSV
added 2025/08/27 5:15 p.m., 4 views

CVE-2025-34161

Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution vulnerability in the project deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary shell commands via the Git Repository field during project creatio...

8.8 CVSS, 8.7 AI score, 0.03691 EPSS
Exploits 3, References 3

NVD
added 2025/08/27 5:15 p.m., 7 views

CVE-2025-34157

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. An authenticated user with low privileges can create a project with a maliciously crafted name containing embedded JavaScript. When an administrator attempts to...

9.4 CVSS, 0.00448 EPSS
Exploits 0, References 3

CVE
added 2025/08/27 4:48 p.m., 22 views

CVE-2025-34157

CVE-2025-34157 concerns Coolify. A stored XSS in the project-creation workflow affects versions prior to 4.0.0-beta.420.6. An authenticated user with low privileges can craft a project name containing JavaScript, which when an administrator deletes the project executes in the admin context, enabl...

9.4 CVSS, 5.3 AI score, 0.00448 EPSS
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2025/08/27 4:48 p.m., 5 views

CVE-2025-34157 Coolify Stored Cross-Site Scripting (XSS) in Project Name Field

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. An authenticated user with low privileges can create a project with a maliciously crafted name containing embedded JavaScript. When an administrator attempts to...

9.4 CVSS, 5.3 AI score, 0.00448 EPSS
Exploits 0, References 3

Cvelist
added 2025/08/27 4:48 p.m., 13 views

CVE-2025-34157 Coolify Stored Cross-Site Scripting (XSS) in Project Name Field

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. An authenticated user with low privileges can create a project with a maliciously crafted name containing embedded JavaScript. When an administrator attempts to...

9.4 CVSS, 0.00448 EPSS
Exploits 0, References 3

ATTACKERKB
added 2025/08/27 4:48 p.m., 3 views

CVE-2025-34157

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. An authenticated user with low privileges can create a project with a maliciously crafted name containing embedded JavaScript. When an administrator attempts to...

9.4 CVSS, 5.7 AI score, 0.00448 EPSS
Exploits 0, References 4