CVE-2025-56648

npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them. Mitigation Mitigation for this issue is either not available o...

TOR Virtual Network Tunneling Tool 0.4.8.18

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...

Parcel has an Origin Validation Error vulnerability

parcel versions 1.6.1 and above have an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them. Version 2.16.4 supports a --no-cors option which disables CORS...

GHSA-QM9P-F9J5-W83W Parcel has an Origin Validation Error vulnerability

parcel versions 1.6.1 and above have an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them. Version 2.16.4 supports a --no-cors option which disables CORS...

CVE-2025-56648

npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them...

CVE-2025-56648

npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them...

CVE-2025-56648

npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them...

parcel 安全漏洞

parcel is a zero-configuration build tool for the web from Parcel open source. A security vulnerability exists in parcel 2.0.0-alpha and earlier versions, which stems from a source validation error that allows a malicious website to send XMLHTTPRequests to the development server and read the...

CVE-2025-56648

CVE-2025-56648 affects npm parcel 2.0.0-alpha and earlier, with an Origin Validation Error. The vulnerability allows a malicious site to send XMLHTTPRequests to the development server and read the response, potentially stealing source code when developers visit the site. The CVSSv3.1 base score i...

PT-2025-38252

Name of the Vulnerable Software and Affected Versions parcel versions 2.0.0-alpha and earlier Description A security issue exists in Parcel that allows malicious websites to send XMLHTTPRequests to the application's development server and read the response, potentially leading to source code thef...

CVE-2025-56648

npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them...

A Practical Adversarial Attack against Sequence-Based Deep Learning Malware Classifiers

Sequence-based deep learning models e.g., RNNs, can detect malware by analyzing its behavioral sequences. Meanwhile, these models are susceptible to adversarial attacks. Attackers can create adversarial samples that alter the sequence characteristics of behavior sequences to deceive malware...

Linux Distros Unpatched Vulnerability : CVE-2025-30359

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source...

I2P 2.10.0

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version...

DependencyCheck

This is an open-source project for a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies. The project is called OWASP dependency-check. The project is written in Java and is designed to be used in a variety of environments, including...

Wapiti Web Application Vulnerability Scanner 3.2.5 Source Code

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the source code release...

webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser

...

webpack-dev-server users' source code may be stolen when they access a malicious web site

...

Linux Distros Unpatched Vulnerability : CVE-2025-48068

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may...

CVE-2025-8857

Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code...