1611 matches found
Malicious code in @nativescript-community/ui-pulltorefresh (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 650cf81e4420b496c9854a80da4f8ba77516648b74a4b352e7099c04ecc4f026 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-53258
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix possible underflow for displays with large vblank. Why: Underflow observed when using a display with a large vblank region and low refresh rate. How: Simplify calculation of vblanknom. Increase value for...
DEBIAN-CVE-2023-53258
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix possible underflow for displays with large vblank. Why: Underflow observed when using a display with a large vblank region and low refresh rate. How: Simplify calculation of vblanknom. Increase value for...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754)
Summary: IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of conditional scheduling during raid10 write refreshes, which could lead to a soft lockup...
CVE-2025-26499
Under heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one user to be granted a token intended for another user, resulting in impersonation until the session is ended. This flaw cannot be intentionally exploited due to t...
CVE-2025-26499
The CVE-2025-26499 entry describes a race-condition vulnerability: under heavy system utilization a concurrent action by two users during authentication or token refresh can grant a token for one user to another, enabling temporary impersonation until the session ends. Impact is exposure to anoth...
PT-2025-37193
Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: A race condition can occur during authentication or token refresh operations under heavy system utilization. This allows a user to be granted a token intended for another user, potentially leading ...
Wind River Studio Developer security vulnerability
Wind River Studio Developer is a tool with the ability to build, test, and debug embedded system applications from Wind River Studio Developer, USA. A security vulnerability exists in Wind River Studio Developer that originates from a random contention condition that can occur during an...
CVE-2025-57070
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the gstUp parameter in the guestWifiRuleRefresh function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...
CVE-2025-57070
Affects: Tenda G3 router (firmware 3.0br_V15.11.0.17). Vulnerability: A stack overflow in the gstUp parameter within the guestWifiRuleRefresh function. Impact: Denial of Service via a crafted request; attacker needs network access and no authentication required per CVSS vector. Root cause: insuff...
GO-2025-3921 Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token in github.com/coder/coder
Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token in github.com/coder/coder...
PT-2025-36646
Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token in github.com/coder/coder...
CVE-2025-58359
ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised Schnorr Threshold signatures). In versions 2.0.0 through 2.1.0, refresh shares with smaller min_signers will reduce security of group. The inability to change min_signers (i.e. the threshold) with the refresh share functionality...
CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security
ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised Schnorr Threshold signatures). In versions 2.0.0 through 2.1.0, refresh shares with smaller min_signers will reduce security of group. The inability to change min_signers (i.e. the threshold) with the refresh share functionality...
CVE-2025-58359
Summary: The frost-core (ZF FROST) vulnerability CVE-2025-58359 affects frost-core versions 2.0.0–2.1.0. The issue arises because the refresh shares mechanism in frost_core::keys::refresh did not clearly communicate that changing min_signers would not reduce the threshold, and after refreshing wi...