[SECURITY] Fedora 42 Update: aw-server-rust-0.14.0^20260516.gitdf49b3d-1.fc42
A re-implementation of aw-server in Rust...
[SECURITY] Fedora 42 Update: nodejs-aw-webui-0^20260516.8d9a7f8-1.fc42
A web-based UI for ActivityWatch, built with Vue.js...
[SECURITY] Fedora 43 Update: aw-server-rust-0.14.0^20260516.gitdf49b3d-1.fc43
A re-implementation of aw-server in Rust...
[SECURITY] Fedora 44 Update: aw-server-rust-0.14.0^20260516.gitdf49b3d-1.fc44
A re-implementation of aw-server in Rust...
Fedora 42 : aw-server-rust / awatcher / nodejs-aw-webui (2026-7047e2fec5)
The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-7047e2fec5 advisory. Rebuilt with openssl 0.10.79. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...
Fedora 44 : aw-server-rust / awatcher / nodejs-aw-webui (2026-f4ddcfa64b)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-f4ddcfa64b advisory. Rebuilt with openssl 0.10.79. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...
Fedora 43 : aw-server-rust / awatcher / nodejs-aw-webui (2026-c9d4e8b9a4)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-c9d4e8b9a4 advisory. Rebuilt with openssl 0.10.79. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...
EUVD-2025-5761
Malicious code in bioql PyPI...
Malicious code in availab-le-alb-um-zip-aw-cmon-7vtid-fqzrrj (npm)
The package availab-le-alb-um-zip-aw-cmon-7vtid-fqzrrj was found to contain malicious code...
MAL-2025-15162 Malicious code in availab-le-alb-um-zip-aw-cmon-7vtid-fqzrrj (npm)
The package availab-le-alb-um-zip-aw-cmon-7vtid-fqzrrj was found to contain malicious code...
CVE-2025-23450
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in agenwebsite AW WooCommerce Kode Pembayaran aw-woocommerce-kode-pembayaran allows Reflected XSS. This issue affects AW WooCommerce Kode Pembayaran: from n/a through <= 1.1.4...
CVE-2025-23450
CVE-2025-23450 affects the WordPress plugin AW WooCommerce Kode Pembayaran (agenwebsite), with all versions up to 1.1.4 vulnerable to Reflected Cross-Site Scripting due to improper neutralization of input during web page generation. CVSSv3.1 base score 7.1 (HIGH) - network attack vector, no privi...
CVE-2025-23450 WordPress AW WooCommerce Kode Pembayaran plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in agenwebsite AW WooCommerce Kode Pembayaran allows Reflected XSS. This issue affects AW WooCommerce Kode Pembayaran: from n/a through 1.1.4...
UBUNTU-CVE-2024-35818
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Define the ioaw hook as mmiowb Commit fb24ea52f78e0d595852e "drivers: Remove explicit invocations of mmiowb" remove all mmiowb in drivers, but it says: "NOTE: mmiowb has only ever guaranteed ordering in conjunction wit...
aw-medien.de Improper Access Control vulnerability OBB-3777999
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Design/Logic Flaw
Activity Watch is a free and open-source automated time tracker. Versions prior to 0.11.0 allow an attacker to execute arbitrary commands on any macOS machine with ActivityWatch running. The attacker can exploit this vulnerability by having the user visit a website with the page title set to a...
CVE-2021-32692 Activity Watch vulnerable to command execution on macOS via printAppTitle.scpt
Activity Watch is a free and open-source automated time tracker. Versions prior to 0.11.0 allow an attacker to execute arbitrary commands on any macOS machine with ActivityWatch running. The attacker can exploit this vulnerability by having the user visit a website with the page title set to a...
CVE-2021-32692
Activity Watch (aw-watcher-window) is vulnerable to OS command execution on macOS when pre-0.11.0 releases run. The flaw arises from printAppTitle.scpt, enabling an attacker to run arbitrary commands by persuading a user to visit a page with a crafted title (browser is the likely vector). Impact ...
Malicious code in aw-ks (npm)
Source: ghsa-malware 7cff3739992a698af9b21b0d3d1f8f1f6a4a88e219ebe686bd2f69f921d5ec51 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...