Lucene search

1389 matches found

OSSF Malicious Packages
added 2025/11/11 3:19 p.m., 3 views

Malicious code in siska-oblok95-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 772c035a43f854203fca5e79dc0dc667ead053a52e702edb254e64989b30479f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
Hacker One
added 2025/11/09 8:26 p.m., 13 views

Django: Potential SQL Injection when annotating FilteredRelation on PostgreSQL

A potential SQL injection vulnerability was discovered in Django's annotation of FilteredRelation on PostgreSQL. The vulnerability was caused by an incomplete regular expression filter in the FORBIDDEN_ALIAS_PATTERN. This allowed user input to be interpreted as raw strings, potentially enabling the...

9.8 CVSS, 8.3 AI score, 0.15602 EPSS
Exploits: 4
Snyk
added 2025/11/07 12:24 p.m., 1 view

Malicious Package

Overview: SqlDbRepository is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and targets industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 and...

9.8 CVSS, 7.2 AI score
Exploits: 0, References: 2
Snyk
added 2025/11/07 12:24 p.m., 2 views

Malicious Package

Overview: SqlRepository is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and targets industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 and...

9.8 CVSS, 7.2 AI score
Exploits: 0, References: 2
Snyk
added 2025/11/07 12:24 p.m., 2 views

Malicious Package

Overview: SqlUnicornCore is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and targets industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 and...

9.8 CVSS, 7.2 AI score
Exploits: 0, References: 2
The Hacker News
added 2025/11/06 3:31 p.m., 7 views

Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine

A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities. The campaign, detected in May 2025, is tracked by the security outfit under the moniker InedibleOchotense, describing it as...

8.8 CVSS, 7.4 AI score, 0.81348 EPSS
Exploits: 34
Redos
added 2025/11/06 12:0 a.m., 2 views

ROS-20251106-04

Vulnerability of django.utils.archive.extract function of Django web application software platform is related to errors in the relative directory path handling mechanism. Exploitation of the vulnerability could allow a remote attacker to bypass security restrictions. Vulnerability in...

9.8 CVSS, 6.7 AI score, 0.00863 EPSS
Exploits: 0
Tenable Nessus
added 2025/11/05 12:0 a.m., 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988875)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988875 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup Fix Oops in...

5.5 CVSS, 6.2 AI score, 0.00226 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2025/10/28 12:0 a.m., 1 view

PT-2025-44210

CVE-2025-89012 in Apache HTTP Server mods enables path traversal for file reads—patched Oct 30 release. Web admins: Lock down alias directives tight. Solid config audit seals it. CyberSecurity InfoSec Vulnerability...

7 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2025/10/23 12:0 a.m., 9 views

SUSE SLES15 Security Update : kernel (SUSE-SU-2025:3725-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3725-1 advisory. The SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...

7.8 CVSS, 7.8 AI score, 0.0037 EPSS
Exploits: 3, References: 324
OSV
added 2025/10/17 2:55 p.m., 3 views

OESA-2025-2463 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to S...

9.8 CVSS, 7.9 AI score, 0.00863 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/16 6:30 p.m., 3 views

EUVD-2025-34777

A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be...

5.1 CVSS, 3.5 AI score, 0.00307 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2025/10/16 5:47 p.m., 4 views

CVE-2025-62378

CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11, a logic flaw exists in the message command handler that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling...

6.1 CVSS, 7 AI score, 0.00148 EPSS
Exploits: 0, References: 1
NVD
added 2025/10/16 4:15 p.m., 6 views

CVE-2025-11851

A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be...

5.1 CVSS, 0.00307 EPSS
Exploits: 0, References: 4
Cvelist
added 2025/10/16 4:2 p.m., 8 views

CVE-2025-11851 Apeman ID71 set_alias.cgi cross site scripting

A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be...

5.1 CVSS, 0.00307 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2025/10/16 4:2 p.m., 0 views

CVE-2025-11851 Apeman ID71 set_alias.cgi cross site scripting

A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be...

5.1 CVSS, 3.6 AI score, 0.00307 EPSS
Exploits: 0, References: 4
CNNVD
added 2025/10/16 12:0 a.m., 4 views

Apeman ID71 code injection vulnerability

Apeman ID71 is a webcam from Apeman. A code injection vulnerability exists in the Apeman ID71 EN75.8.53.20 version, which stems from the incorrect manipulation of the parameter alias in the file /set_alias.cgi, and could lead to a cross-site scripting attack...

5.1 CVSS, 4.8 AI score, 0.00307 EPSS
Exploits: 0, References: 4
NVD
added 2025/10/15 5:16 p.m., 3 views

CVE-2025-62378

CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11, a logic flaw exists in the message command handler that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling...

6.1 CVSS, 0.00148 EPSS
Exploits: 0, References: 1
CVE
added 2025/10/15 5:2 p.m., 9 views

CVE-2025-62378

CommandKit (Discord.js meta-framework) versions 1.2.0-rc.1 through 1.2.0-rc.11 expose ctx.commandName as the alias used to invoke a message command, rather than the canonical command name. This affects both middleware and the command’s own run context, enabling potential misapplication of permiss...

6.1 CVSS, 6.7 AI score, 0.00148 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/10/15 5:2 p.m., 11 views

CVE-2025-62378 CommandKit exposes incorrect command name in context object for message command aliases

CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11, a logic flaw exists in the message command handler that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling...

6.1 CVSS, 0.00148 EPSS
Exploits: 0, References: 1