39 matches found
MAL-2026-3429 Malicious code in openai-spellchecker (PyPI)
Source: kam193 13911c4c1e0334b4e4d972e3b3256a08f8991d3935d74086c252ed085d3984a0 The package hides code to download and execute a next-stage payload, which then communicates with C2 and listens for next code parts. In the analyzed version,...
CVE-2025-10476
WP Fastest Cache for WordPress
CVE-2025-10476 WP Fastest Cache <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) DB Cleanup Actions
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfc_db_fix_callback function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
EUVD-2025-24224
Malicious code in bioql PyPI...
EUVD-2025-19847
Malicious code in bioql PyPI...
CVE-2025-8418
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activated_plugin function. This makes it possible for authenticated attackers, with...
CVE-2025-8418
CVE-2025-8418 : B Slider – Gutenberg Slider Block for WP (WordPress) is vulnerable up to version 1.1.30 due to missing capability checks on the activated_plugin function. Authenticated users with subscriber-level access or higher can install arbitrary plugins, potentially enabling remote code exe...
BIT-LIBPYTHON-2024-9287 Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, i.e. "source venv/bin/activate". This means that...
CVE-2024-48251
Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode...
Qualcomm Chipsets buffer error vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A buffer error vulnerability exists in Qualcomm Chipsets that originates when the audio kernel driver performs voice-activated sound model registration, which can lead to memory corruption...
Fedora 41 : libcomps / libdnf / python3-docs / python3.13 (2024-3c18fe0d93)
The remote Fedora 41 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-3c18fe0d93 advisory. This is the first maintenance release of Python 3.13 ==================================================== Python 3.13 is the newest major release of...
DEBIAN-CVE-2024-50184
In the Linux kernel, the following vulnerability has been resolved: virtio_pmem: Check device status before requesting flush. If a pmem device is in a bad status, the driver side could wait for host ack forever in virtio_pmem_flush, causing the system to hang. So add a status check in the beginning o...
PT-2024-33057 · Wavelog · Wavelog
Name of the Vulnerable Software and Affected Versions: Wavelog version 1.8.5. Description: The issue is an SQL injection vulnerability in the Activated_gridmap_model.php file. This vulnerability can be exploited through the band, sat, propagation, or mode variables. Recommendations: For Wavelog...
SUSE CVE-2024-42130
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
USN-6935-1 prometheus-alertmanager vulnerability
It was discovered that prometheus-alertmanager didn't properly sanitize input it received through an API endpoint. An attacker with permission to send requests to this endpoint could potentially inject arbitrary code. On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, this vulnerability is only present if...
DEBIAN-CVE-2024-42130
In the Linux kernel, the following vulnerability has been resolved: nfc/nci: Add the inconsistency check between the input data length and count: write$nci(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="610501"], 0xf). Syzbot constructed a write call with a data length of 3 bytes but a count value of 15, which...
MAL-2024-7491 Malicious code in sap-activated (npm)
Source: ossf-package-analysis 874347ab28d548c8a20f54b3507a280747ded59172d14ee1c9356fdeab9bf93b The OpenSSF Package Analysis project identified 'sap-activated' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in sap-activated (npm)
Source: ossf-package-analysis 874347ab28d548c8a20f54b3507a280747ded59172d14ee1c9356fdeab9bf93b The OpenSSF Package Analysis project identified 'sap-activated' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
CLSA-2024-1709562964 Fix CVE(s): CVE-2023-50387, CVE-2023-50868
SECURITY UPDATE: KeyTrap denial of service vulnerability - debian/patches/CVE-2023-50387-20230-50868.patch: Fix DNSSEC verification complexity issue by updating verification function signatures. - debian/patches/CVE-2023-50387-fix-1.patch: Allow the original CVE-2023-50387 patch to work if multip...
Siemens CP-8031 trust management issue vulnerability
The SICAM A8000 RTU Remote Terminal Unit series is a modular family of devices for remote control and automation applications in all areas of energy supply. A hard-coded credentials vulnerability exists in the CPCI85 firmware of the Siemens SICAM A8000 device, which can be exploited by an attacke...