1857 matches found

vulnersOsv
added 2025/12/16 10:37 p.m. | 6 views

@agentuity/evals (>=0.0.104 <=2.0.23), @agentuity/hono (>=3.0.0-alpha.0 <=3.0.0-beta.4) +291 more potentially affected by CVE-2025-68154 via systeminformation (>=5.0.6 <=5.27.13)

systeminformation NPM version =5.0.6, =0.0.104, =3.0.0-alpha.0, =0.0.6, =0.0.63, =0.0.2, =3.0.0-alpha.0, =0.1.1, =0.1.1, =4.1.0, =4.0.0-devnet.2-patch.0, =0.0.1-2.1-beta-provision, =0.0.0-test.0, =0.0.0-test.0, =0.0.0-test.0, =5.0.0-private.20260319 and more Source cves: CVE-2025-68154 Source...

8.1 CVSS | 5.8 AI score | 0.00048 EPSS
Exploits 1

OSV
added 2025/12/14 5:03 a.m. | 4 views

MAL-2025-192569 Malicious code in @ikarem/telemetry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e43d2a07b55a1387aa741edace01850ec9f79a58baac8ee1897610e2b8e77cb8 The package @ikarem/telemetry was found to contain malicious code. Source: ghsa-malware...

7 AI score
Exploits 0 | References 1

OSSF Malicious Packages
added 2025/12/14 5:03 a.m. | 6 views

Malicious code in @ikarem/telemetry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e43d2a07b55a1387aa741edace01850ec9f79a58baac8ee1897610e2b8e77cb8 The package @ikarem/telemetry was found to contain malicious code. Source: ghsa-malware...

7 AI score
Exploits 0 | References 1

Veracode
added 2025/12/13 7:57 a.m. | 5 views

Man-In-The-Middle (MITM) Attack

MQTT is vulnerable to a Man-in-the-Middle (MITM) attack. The vulnerability is due to missing hostname verification by default, which allows an attacker to intercept and manipulate communication between clients and servers...

7.4 CVSS | 5.7 AI score | 0.00046 EPSS
Exploits 0 | References 5 | Affected Software 1

Veracode
added 2025/12/13 4:44 a.m. | 4 views

Authorization Bypass

Jenkins OpenTelemetry Plugin is vulnerable to Authorization Bypass. The vulnerability exists because the plugin allows users with only Overall/Read permission to invoke functionality that connects to attacker-specified URLs using attacker-controlled credential IDs, and enables attackers to capture or...

4.2 CVSS | 6.5 AI score | 0.00035 EPSS
Exploits 0 | References 2 | Affected Software 1

Microsoft Secure
added 2025/12/09 9:41 p.m. | 9 views

Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack

The Shai‑Hulud 2.0 supply chain attack represents one of the most significant cloud-native ecosystem compromises observed recently. Attackers maliciously modified hundreds of publicly available packages, targeting developer environments, continuous integration and continuous delivery (CI/CD)...

7.4 AI score
Exploits 0

RedhatCVE
added 2025/12/09 12:11 a.m. | 2 views

CVE-2025-65228

A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller firmware 1.5.1799...

3.5 CVSS | 6.2 AI score | 0.0003 EPSS
Exploits 1 | References 1

EUVD
added 2025/12/08 9:30 p.m. | 2 views

EUVD-2025-201811

A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller firmware 1.5.1799...

3.5 CVSS | 5.7 AI score | 0.0003 EPSS
Exploits 1 | References 3

NVD
added 2025/12/08 9:16 p.m. | 1 view

CVE-2025-65228

A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller firmware 1.5.1799...

3.5 CVSS | 0.0003 EPSS
Exploits 1 | References 2

Positive Technologies
added 2025/12/08 12:00 a.m. | 1 view

PT-2025-49595

Name of the Vulnerable Software and Affected Versions: R.V.R. Elettronica TLK302T telemetry controller version 1.5.1799. Description: A stored cross-site scripting issue exists in the web management interface. This allows for the injection of malicious scripts that can be executed in the context of...

3.5 CVSS | 6.1 AI score | 0.0003 EPSS
Exploits 1 | References 5

CVE
added 2025/12/08 12:00 a.m. | 9 views

CVE-2025-65228

TLK302T telemetry controller (firmware 1.5.1799) contains a stored cross-site scripting vulnerability in its web management interface. The issue affects the web UI component, enabling script injection that could impact other users’ browsers when the interface is accessed. Root cause details are n...

3.5 CVSS | 5.8 AI score | 0.0003 EPSS
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
added 2025/12/08 12:00 a.m. | 1 view

CVE-2025-65228

A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller firmware 1.5.1799...

5.8 AI score | 0.0003 EPSS
Exploits 1 | References 2

Cvelist
added 2025/12/08 12:00 a.m. | 15 views

CVE-2025-65228

A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller firmware 1.5.1799...

0.0003 EPSS
Exploits 1 | References 2

CNNVD
added 2025/12/08 12:00 a.m. | 1 view

R.V.R. Elettronica TLK302T Security Vulnerability

The R.V.R. Elettronica TLK302T is a telemetry control system from R.V.R. Elettronica, Italy. A security vulnerability exists in the R.V.R. Elettronica TLK302T that originates from the presence of stored cross-site scripting in the web management interface...

3.5 CVSS | 6 AI score | 0.0003 EPSS
Exploits 1 | References 3

Packet Storm News
added 2025/12/04 12:00 a.m. | 3 views

A Practical Honeypot-Based Threat Intelligence Framework for Cyber Defence in the Cloud

In cloud environments, conventional firewalls rely on predefined rules and manual configurations, limiting their ability to respond effectively to evolving or zero-day threats. As organizations increasingly adopt platforms such as Microsoft Azure, this static defense model exposes cloud assets to...

6.8 AI score
Exploits 0

Cvelist
added 2025/11/29 1:57 a.m. | 8 views

CVE-2025-66217 AIS-catcher Integer Underflow in MQTT Packet Parsing leading to Heap Buffer Overflow

AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sending a malformed MQTT packet with a manipulated Topic Leng...

8.8 CVSS | 0.00758 EPSS
Exploits 1 | References 2

EUVD
added 2025/11/24 11:48 p.m. | 1 view

EUVD-2025-199305

Malicious code in @jayeshsadhwani/telemetry-sdk npm...

6.6 AI score
Exploits 0 | References 4

EUVD
added 2025/11/24 11:46 p.m. | 2 views

EUVD-2025-199309

Malicious code in @hyperlook/telemetry-sdk npm...

6.6 AI score
Exploits 0 | References 4

Snyk
added 2025/11/24 8:33 p.m. | 1 view

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8 CVSS | 6.8 AI score
Exploits 0 | References 3

vulnersOsv
added 2025/11/24 4:24 p.m. | 6 views

@agent-relay/daemon (>=2.0.5 <=2.3.14), @agent-relay/dashboard (>=2.0.18 <=2.0.19) +364 more potentially affected by unknown CVE via posthog-node (>=4.0.0 <=4.18.0)

posthog-node NPM version =4.0.0, =2.0.5, =2.0.18, =2.0.5, =2.0.5, =0.59.0, =1.0.0, =0.3.0, =1.0.0, =0.17.1, =1.1.1, =0.1.6, =1.0.0, =0.7.107, =0.1.0, =2.0.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-POSTHOGNODE-14103346...

5.5 AI score
Exploits 0