
6511 matches found

OSV
added 2025/09/05 5:10 p.m. | 2 views

MAL-2025-43544 Malicious code in auth-pulsar-local-transform (npm)

The package auth-pulsar-local-transform was found to contain malicious code...

AI score: 7
Exploits: 0

OSV
added 2025/09/05 5:10 p.m. | 2 views

MAL-2025-46675 Malicious code in xenon-auth-jabbah-materialize (npm)

The package xenon-auth-jabbah-materialize was found to contain malicious code...

AI score: 7
Exploits: 0

OSV
added 2025/09/05 5:10 p.m. | 1 view

MAL-2025-44116 Malicious code in elara-postgres-auth-rigel (npm)

The package elara-postgres-auth-rigel was found to contain malicious code...

AI score: 7
Exploits: 0

OSSF Malicious Packages
added 2025/09/05 5:10 p.m. | 4 views

Malicious code in xenon-auth-jabbah-materialize (npm)

The package xenon-auth-jabbah-materialize was found to contain malicious code...

AI score: 7
Exploits: 0

OSSF Malicious Packages
added 2025/09/05 5:10 p.m. | 3 views

Malicious code in auth-polaris-rate-limiter-optimize-css-assets-webpack-plugin (npm)

The package auth-polaris-rate-limiter-optimize-css-assets-webpack-plugin was found to contain malicious code...

AI score: 7
Exploits: 0

OSV
added 2025/09/05 5:10 p.m. | 2 views

MAL-2025-43542 Malicious code in auth-dotenv-halley-prettier-stylelint (npm)

The package auth-dotenv-halley-prettier-stylelint was found to contain malicious code...

AI score: 7
Exploits: 0

OSSF Malicious Packages
added 2025/09/05 5:10 p.m. | 2 views

Malicious code in auth-dotenv-halley-prettier-stylelint (npm)

The package auth-dotenv-halley-prettier-stylelint was found to contain malicious code...

AI score: 7
Exploits: 0

SUSE Linux
added 2025/09/05 12:55 p.m. | 4 views

Security update for cloud-init

This update for cloud-init fixes the following issues: Update to version 25.1.3: CVE-2024-6174: Unprivileged user could trigger hotplug-hook commands bsc1245403. Non-security fixes: Rebase cloud-init to 24.4 or higher bsc1239715, jscPED-8680. Fixed cloud-init --debug status bsc1228414. Using...

CVSS: 8.8 | AI score: 7 | EPSS: 0.0013
Exploits: 0 | References: 26

OSV
added 2025/09/05 12:42 p.m. | 2 views

OESA-2025-2136 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication...

CVSS: 6.3 | AI score: 7.3 | EPSS: 0.00056
Exploits: 0 | References: 2

Redos
added 2025/09/05 12:00 a.m. | 3 views

ROS-20250905-07

A vulnerability in the user locking mechanism of the Vault Enterprise and Vault Community Edition enterprise data archiving platforms is due to the application not performing the correct normalization of the application. Enterprise and Vault Community Edition is related to the fact that the...

CVSS: 9.1 | AI score: 7.2 | EPSS: 0.00588
Exploits: 0

CVE
added 2025/09/03 1:34 a.m. | 19 views

CVE-2025-58163

CVE-2025-58163 describes a deserialization of untrusted data vulnerability in FreeScout (PHP Laravel). Versions 1.8.185 and earlier are affected, enabling authenticated attackers (with knowledge of the APP_KEY) to achieve remote code execution. The flaw is present in an endpoint such as /help/{ma...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.01466
Exploits: 1 | References: 3 | Affected Software: 1

Tenable Nessus
added 2025/09/03 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-7221

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely,...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00269
Exploits: 1 | References: 2

OSV
added 2025/09/02 4:46 p.m. | 2 views

GHSA-MXH2-CCGJ-8635 ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header

Summary On the ESP-IDF platform, ESPHome's webserver authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value e.g., correct username with partial password. This allows access to webserver functionality...

CVSS: 8.1 | AI score: 6.3 | EPSS: 0.04759
Exploits: 1 | References: 4

OSV
added 2025/09/02 3:15 p.m. | 1 view

CVE-2024-48705

Wavlink AC1200 with firmware versions M32A3V1410230602 and M32A3V1410240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "setsysadm" function of the "adm.cgi" binary, and is due to improper sanitization ...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.09084
Exploits: 1 | References: 2

Hacker One
added 2025/08/31 5:16 a.m. | 4 views

Cloudflare Public Bug Bounty: [Variation of #1554049] 1-Click Chaining of Self-XSS, Cookie Tossing and AntiCSRF Token Prediction leads to auto approval in Access Temp Auth

A vulnerability was discovered in Cloudflare Access that could allow for unauthorized approvals within the Temporary Auth workflow. The issue was resolved after the researcher reported it to Cloudflare...

AI score: 5.8
Exploits: 0

RedhatCVE
added 2025/08/30 6:20 p.m. | 2 views

CVE-2025-0086

In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS: 6.2 | AI score: 5.5 | EPSS: 0.00226
Exploits: 0 | References: 1

OPENSUSE Linux
added 2025/08/30 12:00 a.m. | 1 view

Security update for go-sendxmpp (moderate)

openSUSE Security Update: Security update for go-sendxmpp Announcement ID: openSUSE-SU-2025:0332-1 Rating: moderate References: 1241814 Cross-References: CVE-2025-22872 CVSS scores: CVE-2025-22872 SUSE: 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Affected Products: openSUS...

CVSS: 6.3 | AI score: 6.4 | EPSS: 0.00023
Exploits: 0 | References: 1

Tenable Nessus
added 2025/08/30 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-7313

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00224
Exploits: 1 | References: 2

OSV
added 2025/08/29 11:18 a.m. | 2 views

OESA-2025-2089 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication...

CVSS: 6.3 | AI score: 7.3 | EPSS: 0.00056
Exploits: 0 | References: 2

OSV
added 2025/08/29 11:18 a.m. | 2 views

OESA-2025-2087 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication...

CVSS: 6.3 | AI score: 7.3 | EPSS: 0.00056
Exploits: 0 | References: 2