Malicious code in epic-fortnite-shared-values (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1673c5a65d3d81e0cbfe67ef5df8558add71a1993f06838d744058afa38e3ce Any computer that has this package installed or running should be considered...
MAL-2025-6681 Malicious code in epic-fortnite-shared-values (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1673c5a65d3d81e0cbfe67ef5df8558add71a1993f06838d744058afa38e3ce Any computer that has this package installed or running should be considered...
A vulnerability in the CSV file processor of the Django web development platform allows an attacker to execute arbitrary code.
The vulnerability in the CSV file processor of the Django web application development platform stems from improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to inject arbitrary code by introducing it into a specially crafted CSV...
Sensitive Information Disclosure
github.com/goharbor/harbor is vulnerable to Sensitive Information Disclosure. The vulnerability is due to an ORM leak caused by improper filtering logic in the /api/v2.0/users endpoint, allowing administrators to extract password hash and salt values using the q URL parameter...
git: Git arbitrary code execution
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...
git: Git arbitrary code execution
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...
CLSA-2025-1753207140 Fix CVE(s): CVE-2025-48384
SECURITY UPDATE: security vulnerability discovered - debian/patches/CVE-2025-48384.patch: quote values containing CR character in config to prevent unintentional stripping when reading - CVE-2025-48384...
git: Git arbitrary code execution
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...
SUSE CVE-2025-7783
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...
CLSA-2025-1753121050 Fix CVE(s): CVE-2025-48384
SECURITY UPDATE: security vulnerability addressed - debian/patches/CVE-2025-48384.patch: quote values containing CR character to prevent unintended behavior - CVE-2025-48384...
git: Git arbitrary code execution
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...
USN-7657-1 jq vulnerabilities
It was discovered that jq incorrectly handled certain values when parsing JSON data. A remote attacker could possibly use this issue to cause jq to crash, resulting in a denial of service. (CVE-2024-23337) It was discovered that jq incorrectly handled NaN values when parsing JSON data. A remote...
USN-7657-1: jq vulnerabilities
It was discovered that jq incorrectly handled certain values when parsing JSON data. A remote attacker could possibly use this issue to cause jq to crash, resulting in a denial of service. (CVE-2024-23337) It was discovered that jq incorrectly handled NaN values when parsing JSON data. A remote...
CVE-2025-7394
In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected, leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using...
AZL-65606 CVE-2025-7783 affecting package js-jquery 3.5.0-4
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...
DEBIAN-CVE-2025-7783
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...
Security update for kubernetes1.26
This update for kubernetes1.26 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content (bsc#1241865). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper...
Predictable Value Range from Previous Values
Overview Affected versions of this package are vulnerable to Predictable Value Range from Previous Values via the boundary value, which uses Math.random. An attacker can manipulate HTTP request boundaries by exploiting predictable values, potentially leading to HTTP parameter pollution. Remediati...
CVE-2025-7783
CVE-2025-7783 affects node-form-data; vulnerable versions include
WordPress plugin Listly: Listicles For WordPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability in the...