MAL-2025-17978 Malicious code in dasnoo-auth-dialog (npm)

The package dasnoo-auth-dialog was found to contain malicious code...

MAL-2025-7939 Malicious code in @framgia/viblo-accounts-auth-web (npm)

The package @framgia/viblo-accounts-auth-web was found to contain malicious code...

MAL-2025-32580 Malicious code in rw-family-auth (npm)

The package rw-family-auth was found to contain malicious code...

MAL-2025-22124 Malicious code in hadron-volcanology-subscription-auth (npm)

The package hadron-volcanology-subscription-auth was found to contain malicious code...

MAL-2025-20968 Malicious code in frontend-auth-client (npm)

The package frontend-auth-client was found to contain malicious code...

MAL-2025-15623 Malicious code in betlab-common-auth (npm)

The package betlab-common-auth was found to contain malicious code...

MAL-2025-15081 Malicious code in auth-alu0100785050 (npm)

The package auth-alu0100785050 was found to contain malicious code...

CVE-2025-20244

A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow a remote attacker that is authenticated as a VPN user to cause the device to reload unexpectedly, resulting in ...

SUSE CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

CVE-2025-27847

CVE-2025-27847 affects ESPEC North America Web Controller 3 (prior to 3.3.8). The issue is that user session privileges are not revoked on logout via the /api/v4/auth/ endpoint, which can allow continued access after logout. CVSS v3.1 metrics indicate a Medium impact with Privileges Required: Non...

CVE-2025-8927

A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/sendcode of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction of excessive authentication attempts. The...

AZL-66311 CVE-2025-53859 affecting package nginx for versions less than 1.25.4-5

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

ALPINE-CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

DEBIAN-CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

CVE-2025-53859 NGINX ngx_mail_smtp_module vulnerability

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

Exploit for Deserialization of Untrusted Data in Microsoft

ToolShell-CVE-2025-53770-SharePoint-Exploit-Lab-LetsDefend TL...

nginx -- worker process memory disclosure

F5 reports: NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This...

Two Pwnie Awards, One Crucial Lesson: What Our OpenSSH Research Reveals About Cyber Defense in 2025

We’re honored that the Pwnie Awards recognized the Qualys Threat Research Unit TRU with two wins at Black Hat/DEF CON this year—Best RCE for regreSSHion CVE-2024-6387 and Epic Achievement for our multi-year work uncovering issues in OpenSSH, including CVE-2025-26465. Awards are nice; what matters...