82 Chrome Extensions Found Selling User Data, 6.5 Million Users Affected

LayerX research finds 82 Chrome extensions collecting and selling user data, affecting at least 6.5 million users through disclosed but concerning practices...

Shai-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposing Secrets

Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign. Over 25,000 affected repositories across 350 unique users...

EUVD-2021-25599

Malware in sbrugna...

EUVD-2023-31743

Malicious code in bioql PyPI...

EUVD-2023-1214

Malicious code in bioql PyPI...

Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating

Impact What kind of vulnerability is it? Who is impacted? All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot: 1. A malicious...

CVE-2023-42814

Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerable component in Kyvernos Notary verifier. An attacker would need control over the registry from which Kyverno would fetch...

PT-2025-16395 · Nixos · Nixos

Name of the Vulnerable Software and Affected Versions: NixOS versions prior to 24.11 and 25.05 Description: The issue is a local privilege escalation affecting all NixOS users, where a local user can create a program to be executed by root during shutdown when systemd.shutdownRamfs.enable is...

GHSA-4WF3-5QJ9-368V IBC-Go: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt

Name: ISA-2025-001: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt Component: IBC-Go Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: IBC-Go = v7; Earlier IBC-Go versions MAY also be affected. Affected users: Validator...

GHSA-JG6F-48FF-5XRW IBC-Go has Non-deterministic JSON Unmarshalling of IBC Acknowledgement

Name: ASA-2025-004: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt Component: IBC-Go Criticality: Critical Considerable Impact; Almost Certain Likelihood per ACMv1.2 Affected versions: IBC-Go = v7; Earlier IBC-Go versions may also be affected. Affected user...

GHSA-X5VX-95H7-RV4P Cosmos SDK: Groups module can halt chain when handling a malicious proposal

Name: ASA-2025-003: Groups module can halt chain when handling a malicious proposal Component: CosmosSDK Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: = v0.47.15, = 0.50.11 Affected users: Validators, Full nodes, Users on chains that utilize the groups...

WordPress File Manager Plugin < 3.0 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webdesi9:filemanager"; if description...

lgsl Stored Cross-Site Scripting vulnerability

Summary A stored cross-site scripting XSS vulnerability was identified in lgsl. The issue arises from improper sanitation of user input. Everyone who accesses this page will be affected by this attack. Details The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This...

Analyzing Malicious CrowdStrike Domains: Who Is Affected and What Could Come Next

...

CVE-2024-28097

Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users...

Cross site scripting

News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users...

CVE-2023-28018 HCL Connections s vulnerable to possible denial of service for certain users

HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted request an attacker could exploit this vulnerability to cause denial of service for affected users...

CVE-2022-46166 Spring Boot Admins integrated notifier support allows arbitrary code execution

Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers e.g. Teams-Notifier and write access to environment variables via UI are affected. Users are advised to upgrade to th...

Twitter fixes bug that left devices logged in after password reset

Twitter says it has fixed a bug that meant users weren't logged out of active sessions on all devices after manually resetting their passwords. Writing on its blog, Twitter said: "We want to let you know that we recently fixed a bug that allowed Twitter accounts to stay logged in from multiple...

PT-2022-23074 · Unknown · Gitops Tools Extension For Vscode

Name of the Vulnerable Software and Affected Versions: GitOps Tools Extension for VSCode affected versions not specified Description: A specially crafted Flux object may allow for remote code execution in the machine running the extension, in the context of the user that is running VSCode. Users...