Malicious code in @silgi/better-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 528101596869077cdc065844f592e42299e9806c92d2b4f6f145ccd18194fdd5 The package @silgi/better-auth was found to contain malicious code. Source: ghsa-malware...
Malicious code in better-auth-nuxt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63a2c1f5ccee32dc0e1c83e0664d434add6b894caa54c57f137fe0367cba558f The package better-auth-nuxt was found to contain malicious code. Source: ghsa-malware 14fe0837bf9131779e90c6a1e8530acbe2d811b2df09dfa25d2d86c5a151c0...
EUVD-2025-199169
Malicious code in better-auth-nuxt npm...
MAL-2025-191073 Malicious code in better-auth-nuxt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63a2c1f5ccee32dc0e1c83e0664d434add6b894caa54c57f137fe0367cba558f The package better-auth-nuxt was found to contain malicious code. Source: ghsa-malware 14fe0837bf9131779e90c6a1e8530acbe2d811b2df09dfa25d2d86c5a151c0...
EUVD-2025-199071
Malicious code in itobuz-angular-auth npm...
MAL-2025-190972 Malicious code in itobuz-angular-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afed61db59aa59cee728d1b2cbe413a85ae32a192004efad9e9d126770433bdf The package itobuz-angular-auth was found to contain malicious code. Source: ghsa-malware...
Malicious code in itobuz-angular-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afed61db59aa59cee728d1b2cbe413a85ae32a192004efad9e9d126770433bdf The package itobuz-angular-auth was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
@trigo/atrix (>=6.0.0-10 <=7.0.0-alpha5), @trigo/atrix-mongoose (>=1.0.0 <=1.0.1) potentially affected by unknown CVE via @trigo/hapi-auth-signedlink (=1.3.0)
@trigo/hapi-auth-signedlink NPM version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on @trigo/hapi-auth-signedlink and may be impacted: - @trigo/atrix =6.0.0-10, =1.0.0, =1.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190829...
EUVD-2025-198848
Malicious code in @trigo/hapi-auth-signedlink npm...
Malicious code in @trigo/hapi-auth-signedlink (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bed6824ae90bafaade2c426612b295defed6107b61296445aa2d1d728729c23b The package @trigo/hapi-auth-signedlink was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198693
Malicious code in @alaan/s2s-auth npm...
CVE-2025-12170 Checkbox <= 2.8.10 - Missing Authorization to Unauthenticated Log Clearing
The Checkbox plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wpajaxnoprivcheckboxcleanlog' AJAX endpoint in all versions up to, and including, 2.8.10. This makes it possible for unauthenticated attackers to clear log files...
PT-2025-47813
Name of the Vulnerable Software and Affected Versions: Langfuse versions 2.95.0 through 2.95.11; Langfuse versions 3.17.0 through 3.130.0. Description: Langfuse is a large language model engineering platform. In Single Sign-On (SSO) provider configurations lacking an explicit AUTH CHECK setting, a...
CVE-2025-60794
Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access...
TencentOS Server 4: skopeo (TSSA-2025:0634)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0634 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Fortinet FortiAnalyzer Pre-authentication DoS attack in OpenSSH - CVE-2025-26466 (FG-IR-25-122)
The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-122 advisory. - A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a...