Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include: laravel-lang/lang, laravel-lang/http-statuses...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(). Otherwise, the async GC worker could collect expired objects and obtain the released commit lock with...
OSV-2026-728 Stack-buffer-overflow in autoload_external_files
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=512622269 Crash type: Stack-buffer-overflow READ 4 Crash state: autoload_external_files load_external_opts_thread worker_thread...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013101)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013101 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path. The commit mutex should not ...
[SECURITY] Fedora 42 Update: php-zumba-json-serializer-3.2.4-1.fc42
This is a library to serialize PHP variables in JSON format. It is similar to the serialize function in PHP, but the output is a JSON-encoded string. You can also unserialize the JSON generated by this tool and have your PHP content back. Autoloader: /usr/share/php/Zumba/JsonSerializer/autoload.ph...
CVE-2026-25129
PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a .psysh.php file from the Current Working Directory (CWD) on startup. If an attacker can write to a directory that a victim later uses as thei...
CVE-2026-25129 PsySH has Local Privilege Escalation via CWD .psysh.php auto-load
PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a .psysh.php file from the Current Working Directory (CWD) on startup. If an attacker can write to a directory that a victim later uses as thei...
HenBR-Autoload
HenBR-Autoload Download any PS4 exploit in one click...
Malicious code in avminah-afifa (npm)
Source: amazon-inspector 6ab8c71acb867eaff67cbc8ba35c08317c6253e42a2e821e7a9e007d8b93973e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in guras-visa-koreaselatan (npm)
Source: amazon-inspector 99f194b6c51e24ef248a6073d26576997e7f1ef11680c313587d9c2c3425dcc0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in backend-phenomic-csrf-auriga (npm)
Source: amazon-inspector 42052997348b7f8d46c2e3b6c0dd0e87440a0ca439cbd7931bb5b4ae3fd164e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in absolute_eagle_z3n (npm)
Source: amazon-inspector bcd5166d9671b235ca3f992f84668d48d313973d58eb53b133c7fdd9b991cd42 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in utomo-soto4-breki (npm)
Source: amazon-inspector 997a45fddcb1c8c9b49db6caa0a38656e15fa1aa88d5f41d481b897965825c6d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2002-1721
Malware in sbrugna...
EUVD-2011-3342
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-2044
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted...
CVE-2024-44867
phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php...
CVE-2024-44867
phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php...