[SECURITY] [DLA 4336-1] sysstat security update
Debian LTS Advisory DLA-4336-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz October 17, 2025 https://wiki.debian.org/LTS -...
Malicious Package
Overview: react-context-stylizer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious Package
Overview: vite-react-chunker is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2025-11449 Reflected Cross Site Scripting in ServiceNow AI Platform
ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this...
Malicious code in redirect-lxzc6c (npm)
Source: ghsa-malware 152ea118e8feb44e1e4570368be0ca17a3bff2c77ba32e612ff9bdc5fd0fe077 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-61672
Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allows an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeserver...
CVE-2025-11436
CVE-2025-11436 affects JhumanJ OpnForm up to version 1.9.3, where an unrestricted upload vulnerability exists in the /answer functionality. This allows remote attackers to upload arbitrary files, with the attack vector described as NETWORK and the impact including potential compromise of confiden...
PT-2025-41241
Name of the Vulnerable Software and Affected Versions: Kilo Code versions prior to 4.86.0. Description: A flaw exists in Kilo Code that allows for injection through manipulation of the ClineProvider function within the src/core/webview/ClineProvider.ts file of the Prompt Handler component. This issu...
EUVD-2021-2372
Malware in sbrugna...
EUVD-2020-0113
Malware in sbrugna...
EUVD-2020-18833
Malware in sbrugna...
EUVD-2021-2208
Malware in sbrugna...
MAL-2025-47924 Malicious code in eslint-plugin-paysafe (npm)
Source: ghsa-malware aeeeb3008c1c25d409de0b1ddd06dec1567d3ddb75c311c718aeafd606e5f24f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414395)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414395 advisory. A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414390)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414390 advisory. A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of th...
EUVD-2025-32446
A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered...
CVE-2025-11283
A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be...
CVE-2025-11283 Frappe LMS Course cross site scripting
A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be...
CVE-2025-11282 Frappe LMS Incomplete Fix CVE-2025-55006 cross site scripting
A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could b...
CVE-2025-11282
A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could b...