
2127 matches found

OSV
added 2025/03/14 2:11 a.m., 4 views

MAL-2025-2394 Malicious code in newland-digitization-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 35b5f032125648b5b2cad6fb57b4fcf1c6ab755e93b9ca9640fc85e041bed665 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1

OSV
added 2025/03/11 11:19 p.m., 3 views

MAL-2025-2270 Malicious code in prop2json (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba3f95e1ff84041bd744e219bdd29d520207636ad498e6d7609a6717aac068d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1

IBM Security Bulletins
added 2025/03/11 5:18 p.m., 8 views

Security Bulletin: Vulnerability in OpenSSL affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary Potential vulnerability in OpenSSL has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability...

CVSS: 7.5, AI score: 6.9, EPSS: 0.66594
Exploits: 0, Affected Software: 2

OSV
added 2025/03/07 3:26 p.m., 3 views

OESA-2025-1239 python-jupyterlab security update

JupyterLab is the next-generation user interface for Project Jupyter offering all the familiar building blocks of the classic Jupyter Notebook (notebook, terminal, text editor, file browser, rich outputs, etc.) in a flexible and powerful user interface. Security Fixes: JupyterLab is an extensible...

CVSS: 6.5, AI score: 7, EPSS: 0.00568
Exploits: 0, References: 2

OSV
added 2025/03/06 10:23 p.m., 11 views

GHSA-2CMQ-823J-5QJ8 Out-of-bounds Write in SixLabors ImageSharp

Impact An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. Patches The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10...

CVSS: 7.5, AI score: 6.9, EPSS: 0.00526
Exploits: 1, References: 5

Cvelist
added 2025/03/06 10:23 p.m., 15 views

CVE-2025-27598 Out-of-bounds Write in SixLabors ImageSharp

ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. The problem has been patched. All users are advised to upgrade to...

CVSS: 7.5, EPSS: 0.00526
Exploits: 1, References: 3

Amazon
added 2025/03/06 12:00 a.m., 4 views

Important: libpq

Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...

CVSS: 8.1, AI score: 8.6, EPSS: 0.89472
Exploits: 10

Tenable Nessus
added 2025/03/06 12:00 a.m., 13 views

Linux Distros Unpatched Vulnerability : CVE-2024-50345

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - symfony/http-foundation is a module for the Symfony PHP framework which defines an object-oriented layer for the HTTP specification. The Request class, does no...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00565
Exploits: 0, References: 2

Tenable Nessus
added 2025/03/06 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-52792

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00696
Exploits: 0, References: 3

Tenable Nessus
added 2025/03/06 12:00 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2025-24898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions `ssl::select_next_proto` can return a slice pointing into the serv...

CVSS: 6.3, AI score: 5.8, EPSS: 0.00623
Exploits: 0, References: 3

HackerOne
added 2025/03/05 7:40 p.m., 6 views

Internet Bug Bounty: [CVE-2025-27220] ReDoS in CGI::Util#escapeElement

The cgi gem contains a vulnerability in the CGI::Util#escapeElement method that is susceptible to Regular Expression Denial of Service (ReDoS). This vulnerability has been assigned the CVE identifier CVE-2025-27220. Users are advised to upgrade the cgi gem to address this issue...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00702
Exploits: 0

Tenable Nessus
added 2025/03/05 12:00 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2023-26049

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or...

CVSS: 5.3, AI score: 6.7, EPSS: 0.013
Exploits: 0, References: 3

Tenable Nessus
added 2025/03/05 12:00 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2023-43655

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php fi...

CVSS: 8.8, AI score: 7.2, EPSS: 0.01378
Exploits: 0, References: 2

Tenable Nessus
added 2025/03/05 12:00 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2024-25112

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv...

CVSS: 5.5, AI score: 5.5, EPSS: 0.00222
Exploits: 0, References: 2

Tenable Nessus
added 2025/03/05 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2023-48233

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with evaluetoolarg...

CVSS: 4.3, AI score: 6.2, EPSS: 0.00749
Exploits: 0, References: 3

Tenable Nessus
added 2025/03/05 12:00 a.m., 12 views

Linux Distros Unpatched Vulnerability : CVE-2024-27297

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nix is a package manager for Linux and other Unix systems. Fixed-output derivations on Linux can send file descriptors to files in the Nix store to another...

CVSS: 6.3, AI score: 6.2, EPSS: 0.00586
Exploits: 1, References: 3

Tenable Nessus
added 2025/03/05 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-43806

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it's possible for the iterator to get stuck when...

CVSS: 6.5, AI score: 5.7, EPSS: 0.0048
Exploits: 0, References: 3

Tenable Nessus
added 2025/03/05 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-31108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. A...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00759
Exploits: 1, References: 3

Tenable Nessus
added 2025/03/05 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2023-41051

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, th...

CVSS: 4.7, AI score: 5, EPSS: 0.00237
Exploits: 0, References: 3

Tenable Nessus
added 2025/03/05 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-40567

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write ...

CVSS: 9.8, AI score: 7.3, EPSS: 0.0127
Exploits: 1, References: 2