
68 matches found

vulnersOsv
added 2026/05/15 6:29 p.m. | 3 views

com.oviva.telematik:epa4all-rest-service (>=0.0.4 <=1.2.1) potentially affected by CVE-2026-45574 via com.oviva.telematik:epa4all-client (>=0.0.4 <=1.2.1)

com.oviva.telematik:epa4all-client MAVEN version =0.0.4, =0.0.4, =1.2.1 Source cves: CVE-2026-45574 Source advisory: OSV:GHSA-5HHF-XMFX-4VVR...

5.8 AI score | 0.00006 EPSS
Exploits 0
Snyk
added 2026/04/08 3:4 p.m. | 6 views

User Impersonation

Overview @lobehub/cli is a LobeHub command-line interface. Affected versions of this package are vulnerable to User Impersonation via the X-lobe-chat-auth header on webapi routes. An attacker can gain unauthorized access to protected API endpoints and perform actions as an authenticated user by...

7.1 CVSS | 5.8 AI score | 0.00025 EPSS
Exploits 0 | References 2
vulnersOsv
added 2026/03/04 12:0 p.m. | 3 views

libcrux-aead (>=0.0.4 <=0.0.7-rc.1) potentially affected by unknown CVE via libcrux-poly1305 (>=0.0.4 <=0.0.5-rc.1)

libcrux-poly1305 CARGO version =0.0.4, =0.0.4, =0.0.7-rc.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0073...

5.8 AI score
Exploits 0
RedhatCVE
added 2026/02/21 1:28 a.m. | 2 views

CVE-2026-26974

Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.js automatically imports /.plugin.js,mjs files including those from node_modules, so any malicious package with a .plugin.js file can execute arbitrary code when installed or required. All projects...

9.8 CVSS | 5.9 AI score | 0.00034 EPSS
Exploits 0 | References 1
OSV
added 2026/02/20 12:34 a.m. | 3 views

CVE-2026-26974 Slyde has Improper Control of Generation of Code

Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.js automatically imports /.plugin.js,mjs files including those from node_modules, so any malicious package with a .plugin.js file can execute arbitrary code when installed or required. All projects...

7.6 CVSS | 6 AI score | 0.00034 EPSS
Exploits 0 | References 5
CVE
added 2026/02/20 12:34 a.m. | 5 views

CVE-2026-26974

CVE-2026-26974 (Slyde) affects Slyde versions 0.0.4 and earlier. The root cause is Node.js automatically importing any /**.plugin.{js,mjs} files, including those from node_modules, enabling a malicious package with a .plugin.js file to execute arbitrary code when installed or required. Impact is ...

9.8 CVSS | 6 AI score | 0.00034 EPSS
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2026/02/18 12:12 a.m. | 2 views

WordPress Private Comment plugin <= 0.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting vulnerability discovered by Supoj Polsawas (sp0x5ec) in WordPress Plugin Private Comment versions <= 0.0.4...

4.4 CVSS | 5.5 AI score | 0.00013 EPSS
Exploits 0 | References 1 | Affected Software 1
RedhatCVE
added 2026/01/29 3:26 a.m. | 4 views

CVE-2026-24850

The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard ML-DSA. Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...

5.3 CVSS | 5.9 AI score | 0.00017 EPSS
Exploits 0 | References 1
Vulnrichment
added 2026/01/28 12:24 a.m. | 1 views

CVE-2026-24850 ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices

The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard ML-DSA. Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...

5.3 CVSS | 5.9 AI score | 0.00017 EPSS
Exploits 0 | References 11
OSV
added 2025/12/04 5:24 p.m. | 2 views

GHSA-2CGV-28VR-RV6J libcrux incorrectly calculates on aarch64

On platforms without the core::arch::aarch64::vxarqu64 intrinsic, an unverified fallback in libcrux-intrinsics v0.0.3 passed incorrect arguments and produced wrong results. This corrupted SHA-3 digests and caused libcrux-ml-kem and libcrux-ml-dsa to sample incorrectly, yielding incorrect shared...

8.8 CVSS | 5.8 AI score
Exploits 0 | References 5
OSV
added 2025/12/04 12:0 p.m. | 1 views

RUSTSEC-2025-0133 Incorrect calculation on aarch64

On platforms without the core::arch::aarch64::vxarqu64 intrinsic, an unverified fallback in libcrux-intrinsics v0.0.3 passed incorrect arguments and produced wrong results. This corrupted SHA-3 digests and caused libcrux-ml-kem and libcrux-ml-dsa to sample incorrectly, yielding incorrect shared...

5.8 AI score
Exploits 0 | References 3
OSV
added 2025/11/25 7:20 a.m. | 1 views

MAL-2025-191461 Malicious code in baidu-src-test3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b41154fc2678ab5be471f8ef4eb2065a74e9310ea81b5d3f3fd8617a1e880d67 The package baidu-src-test3 was found to contain malicious code. Source: ossf-package-analysis...

7 AI score
Exploits 0
OSSF Malicious Packages
added 2025/11/25 7:12 a.m. | 5 views

Malicious code in baidu-src-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b70672e328a6c37f9f5a2f333c52648043af35a44d4a7c33fce30d4dde10869 The package baidu-src-test was found to contain malicious code. Source: ossf-package-analysis...

7.1 AI score
Exploits 0
Vulnrichment
added 2025/11/11 3:30 a.m. | 1 views

CVE-2025-12671 WP-Iconics <= 0.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP-Iconics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wpiconics' shortcode in all versions up to, and including, 0.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS | 4.7 AI score | 0.00031 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-6908

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.00926 EPSS
Exploits 1 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-5049

Malicious code in bioql PyPI...

6.5 CVSS | 6.5 AI score | 0.00264 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2025-30534

Malicious code in bioql PyPI...

7.1 CVSS | 6.5 AI score | 0.00017 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-3223

Malicious code in bioql PyPI...

7.1 CVSS | 8.7 AI score | 0.00104 EPSS
Exploits 0 | References 1
OSV
added 2025/10/02 7:1 a.m. | 1 views

MAL-2025-47897 Malicious code in @imou/web-front-basic-alg (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a09a2b21767c80d9ac4dee1814eba71363cbdaf62aace137c60392788a16ad8f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 | References 1
OSSF Malicious Packages
added 2025/10/02 7:1 a.m. | 1 views

Malicious code in @imou/web-front-basic-alg (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a09a2b21767c80d9ac4dee1814eba71363cbdaf62aace137c60392788a16ad8f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 | References 1