6510 matches found

CVE
added 2025/10/15 3:57 p.m. | 11 views

CVE-2025-62379

Reflex (Python web app framework) versions 0.5.4–0.8.14 contain an Open Redirect in the /auth-codespace route: the redirect_to query parameter is assigned directly to client-side links without validation, triggering automatic navigation, which can redirect users to arbitrary external URLs. The vu...

3.1 CVSS | 6.9 AI score | 0.00059 EPSS
Exploits 0 | References 2
OSV
added 2025/10/15 3:57 p.m. | 2 views

CVE-2025-62379 Open Redirect in reflex-dev/reflex

Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14, the /auth-codespace endpoint automatically assigns the redirect_to query parameter value directly to client-side links without any validation and triggers automatic clicks when the page loads in a...

3.1 CVSS | 7.3 AI score | 0.00059 EPSS
Exploits 0 | References 4
Vulnrichment
added 2025/10/15 3:57 p.m. | 1 views

CVE-2025-62379 Open Redirect in reflex-dev/reflex

Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14, the /auth-codespace endpoint automatically assigns the redirect_to query parameter value directly to client-side links without any validation and triggers automatic clicks when the page loads in a...

3.1 CVSS | 6.9 AI score | 0.00059 EPSS
Exploits 0 | References 2
OSV
added 2025/10/15 6:4 a.m. | 3 views

MAL-2025-48418 Malicious code in cryptocom-internal-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f2f5ee433ed448881b851d37d04551c6efa2158704ade3830378ef1b9587c1c2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 1
OSSF Malicious Packages
added 2025/10/15 6:4 a.m. | 4 views

Malicious code in cryptocom-internal-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f2f5ee433ed448881b851d37d04551c6efa2158704ade3830378ef1b9587c1c2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 1
Snyk
added 2025/10/15 6:4 a.m. | 1 views

Malicious Package

Overview cryptocom-internal-auth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8 CVSS | 6.8 AI score
Exploits 0 | References 2
EUVD
added 2025/10/15 6:4 a.m. | 2 views

EUVD-2025-34523

Malicious code in cryptocom-internal-auth npm...

6.6 AI score
Exploits 0 | References 1
Tenable Nessus
added 2025/10/14 12:0 a.m. | 2 views

SUSE SLES15 Security Update : kernel (Live Patch 4 for SLE 15 SP6) (SUSE-SU-2025:03566-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03566-1 advisory. This update for the Linux Kernel 6.4.0-1506002322 fixes several issues. The following security issues were fixed: - CVE-2025-38477: net/sched:...

7.8 CVSS | 7.3 AI score | 0.0005 EPSS
Exploits 3 | References 19
Snyk
added 2025/10/13 7:59 p.m. | 1 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the isSensitiveSpec function which calls grpcomni.CreateResource without checking if the resource's metadata field is nil. An attacker can cause a server crash and disrupt service availability by sending emp...

7.5 CVSS | 7 AI score | 0.00565 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2025/10/13 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-61783

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail ev...

6.3 CVSS | 5.8 AI score | 0.00081 EPSS
Exploits 0 | References 3
SUSE Linux
added 2025/10/12 3:4 p.m. | 4 views

Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP7)

This update for the Linux Kernel 6.4.0-15070051 fixes several issues. The following security issues were fixed: CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate bsc1247315. CVE-2025-22023: usb: xhci: Don't skip on Stopped - Length Invalid bsc1246754. CVE-2025-38089: sunrpc:...

8.7 CVSS | 8.1 AI score | 0.00063 EPSS
Exploits 2 | References 12
OSV
added 2025/10/12 1:33 p.m. | 4 views

SUSE-SU-2025:03572-1 Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP7)

This update for the Linux Kernel 6.4.0-150700533 fixes several issues. The following security issues were fixed: - CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate bsc1247315. - CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error bsc1245509...

5.5 CVSS | 6.5 AI score | 0.0005 EPSS
Exploits 2 | References 5
OSV
added 2025/10/12 10:4 a.m. | 5 views

SUSE-SU-2025:03569-1 Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002333 fixes several issues. The following security issues were fixed: - CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate bsc1247315. - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out bsc1240744. - CVE-2025-38089: sunrpc: hand...

7.8 CVSS | 6.5 AI score | 0.0005 EPSS
Exploits 3 | References 9
OSV
added 2025/10/12 8:4 a.m. | 0 views

SUSE-SU-2025:03567-1 Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002353 fixes several issues. The following security issues were fixed: - CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate bsc1247315. - CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error bsc1245509...

5.5 CVSS | 5.8 AI score | 0.0005 EPSS
Exploits 2 | References 5
OSV
added 2025/10/12 7:4 a.m. | 2 views

SUSE-SU-2025:03566-1 Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002322 fixes several issues. The following security issues were fixed: - CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate bsc1247315. - CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket bsc1243650. -...

7.8 CVSS | 6.7 AI score | 0.0005 EPSS
Exploits 3 | References 13
SUSE Linux
added 2025/10/12 4:33 a.m. | 2 views

Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002342 fixes several issues. The following security issues were fixed: CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate bsc1247315. CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out bsc1240744. CVE-2025-38089: sunrpc: handle...

8.7 CVSS | 7.7 AI score | 0.0005 EPSS
Exploits 2 | References 12
OSV
added 2025/10/11 8:40 a.m. | 6 views

BIT-GRAFANA-IMAGE-RENDERER-2025-11539 Arbitrary Code Execution in Grafana Image Renderer Plugin

Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...

9.9 CVSS | 8.2 AI score | 0.00522 EPSS
Exploits 0 | References 3
SUSE CVE
added 2025/10/10 11:22 p.m. | 2 views

SUSE CVE-2025-61783

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service doe...

6.3 CVSS | 7 AI score | 0.00081 EPSS
Exploits 0 | References 3
vulnersOsv
added 2025/10/10 10:51 p.m. | 1 views

anomalydetection (=0.0.0.dev1), athiruma-cloud-governance (>=1.1.89 <=1.1.345) +28 more potentially affected by CVE-2025-61911 via python-ldap (>=2.4.19 <=3.4.4)

python-ldap PYPI version =2.4.19, =1.1.89, =3.1.2, =3.7.1, =1.0.426, =2.2.1.dev6, =0.0.2, =0.4.4, =1.0.0, =0.0.0, =1.1.0, =3.7.0, =3.8.0 and more Source cves: CVE-2025-61911 Source advisory: OSV:GHSA-R7R6-CC7P-4V5M...

6.9 CVSS | 6.5 AI score | 0.00039 EPSS
Exploits 1
RedhatCVE
added 2025/10/10 8:28 a.m. | 14 views

CVE-2025-61783

A flaw was found in Python Social Auth, a social authentication and registration framework. During authentication, a user account could be incorrectly associated by e-mail even when the associate_by_email pipeline was not explicitly enabled. This behavior could allow account takeover if a third-par...

6.3 CVSS | 6.5 AI score | 0.00081 EPSS
Exploits 0 | References 9