
2127 matches found

OSV
added 2025/02/03 8:44 a.m. · 4 views

MAL-2025-1097 Malicious code in cscropper-vue3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 03314c2593e63f6f953b281505c7a63eaa4fe7c3ffd71eb8fd8c28d5c1c16fd2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
SUSE CVE
added 2025/01/29 3:54 a.m. · 2 views

SUSE CVE-2024-52594

Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit c4f1e01 fixes this issue. Users are advised to upgrade. Users unable to upgrade shoul...

CVSS 4.3 · AI score 6.8 · EPSS 0.00332
Exploits 0 · References 3
SUSE CVE
added 2025/01/29 3:54 a.m. · 3 views

SUSE CVE-2024-52791

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...

CVSS 7.5 · AI score 6.9 · EPSS 0.00728
Exploits 0 · References 3
OSV
added 2025/01/27 7:15 a.m. · 11 views

BIT-NODE-2025-23087

Rejected reason: This Record was REJECTED after determining it is not in compliance with CVE Program requirements regarding assignment for vulnerabilities...

AI score 8.9
Exploits 0 · References 2
Positive Technologies
added 2025/01/27 12:0 a.m. · 2 views

PT-2025-5388 · Unknown · The Events Calendar

Name of the Vulnerable Software and Affected Versions: The Events Calendar versions n/a through 6.7.0. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This is a type of attack where ...

CVSS 5.4 · AI score 7.1 · EPSS 0.00145
Exploits 0 · References 3
OSSF Malicious Packages
added 2025/01/25 6:50 p.m. · 3 views

Malicious code in pascoresend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6eb745bf1dd58bd41204dc547be9cadb3cbe35b5d804c45735c78cf6c33fe4ab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
Amazon
added 2025/01/24 12:0 a.m. · 3 views

Medium: git

Issue Overview: Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the ho...

CVSS 9.3 · AI score 6.9 · EPSS 0.10047
Exploits 2
Amazon
added 2025/01/24 12:0 a.m. · 26 views

Medium: git

Issue Overview: Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the ho...

CVSS 9.3 · AI score 8 · EPSS 0.10047
Exploits 2
Cvelist
added 2025/01/22 1:11 a.m. · 13 views

CVE-2025-23089

...

Exploits 0
Tenable Nessus
added 2025/01/22 12:0 a.m. · 12 views

CBL Mariner 2.0 Security Update: git (CVE-2024-50349)

The version of git installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50349 advisory. - Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides...

CVSS 4.7 · AI score 7.4 · EPSS 0.00643
Exploits 0 · References 2
OSV
added 2025/01/20 3:15 a.m. · 2 views

CVE-2024-13524

A vulnerability has been found in obsproject OBS Studio up to 30.0.2 on Windows and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is...

CVSS 2 · AI score 4.2 · EPSS 0.00199
Exploits 0 · References 4
Vulnrichment
added 2025/01/17 10:24 p.m. · 20 views

CVE-2025-23208 IdP group membership revocation ignored in zot

zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db) is an append-list, so group revocations/removals are ignored in the API. SetUserGroups is called on login, but instead of replacing the group memberships, they are appended...

CVSS 7.3 · AI score 7.1 · EPSS 0.00394
Exploits 1 · References 3
OSV
added 2025/01/17 10:24 p.m. · 8 views

CVE-2025-23208 IdP group membership revocation ignored in zot

zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db) is an append-list, so group revocations/removals are ignored in the API. SetUserGroups is called on login, but instead of replacing the group memberships, they are appended...

CVSS 7.3 · AI score 6.6 · EPSS 0.00394
Exploits 1 · References 5
CVE
added 2025/01/17 8:23 p.m. · 42 views

CVE-2025-23205

CVE-2025-23205 affects nbgrader. Enabling frame-ancestors: 'self' can allow any JupyterHub user to extract content from the formgrader iframe when default JupyterHub config enable_subdomains is False, enabling an attacker to load the formgrader page with another user’s credentials. The issue has ...

CVSS 6.9 · AI score 6.9 · EPSS 0.00453
Exploits 0 · References 4
Cvelist
added 2025/01/17 8:23 p.m. · 10 views

CVE-2025-23205 `frame-ancestors: self` grants all users access to formgrader in nbgrader

nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration of enablesubdomai...

CVSS 6.9 · EPSS 0.00453
Exploits 0 · References 4
SUSE CVE
added 2025/01/17 12:22 a.m. · 1 views

SUSE CVE-2024-56138

notation-go is a collection of libraries for supporting sign and verify OCI artifacts, based on Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During the timestamp signature generation, the revocation status of the certificates used to...

CVSS 4 · AI score 6.5 · EPSS 0.0013
Exploits 0 · References 4
NVD
added 2025/01/16 11:15 p.m. · 9 views

CVE-2024-56144

LibreNMS is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (replace $DEVICEID with your specific $DEVICEID value): /device/$DEVICEID/edit - param: display. LibreNMS versions up to 24.11.0 allow remote attackers to inject...

CVSS 5.4 · EPSS 0.00372
Exploits 1 · References 1
CVE
added 2025/01/16 10:23 p.m. · 63 views

CVE-2025-23199

CVE-2025-23199 describes a stored XSS in LibreNMS

CVSS 5.4 · AI score 4.5 · EPSS 0.01221
Exploits 1 · References 1 · Affected Software 1
CVE
added 2025/01/16 7:14 p.m. · 70 views

CVE-2024-52602

CVE-2024-52602 affects Matrix Media Repo (MMR), a multi-homeserver media repository for Matrix. An SSRF (server-side request forgery) vulnerability could cause MMR to fetch and serve content from a private network accessible to the server under certain conditions. The issue is mitigated by upgrad...

CVSS 5.3 · AI score 5 · EPSS 0.00552
Exploits 0 · References 5 · Affected Software 1
OSV
added 2025/01/16 7:14 p.m. · 3 views

CVE-2024-52602 Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrad...

CVSS 5 · AI score 6.7 · EPSS 0.00552
Exploits 0 · References 7