828 matches found

OSV
added 2025/08/14 6:52 p.m., 0 views

MAL-2025-16782 Malicious code in changed-services (npm)

The package changed-services was found to contain malicious code...

7.2 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 0 views

Malicious code in changed-services (npm)

The package changed-services was found to contain malicious code...

7 AI score
Exploits: 0
Github Security Blog
added 2025/08/12 6:31 p.m., 3 views

Magento Cross-site Scripting vulnerability

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts may be...

8.7 CVSS, 5.6 AI score, 0.00255 EPSS
Exploits: 0, References: 3, Affected Software: 2
OSV
added 2025/08/12 6:31 p.m., 2 views

GHSA-8MQ8-C243-2335 Magento Cross-site Scripting vulnerability

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts may be...

8.7 CVSS, 5.6 AI score, 0.00255 EPSS
Exploits: 0, References: 2
NVD
added 2025/08/12 6:15 p.m., 1 views

CVE-2025-49555

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a w...

8.1 CVSS, 0.00368 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/08/12 5:55 p.m., 7 views

CVE-2025-49557 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. A successful attacker...

8.7 CVSS, 0.00255 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2025/08/12 5:55 p.m., 0 views

CVE-2025-49555

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a w...

8.1 CVSS, 5.8 AI score, 0.00368 EPSS
Exploits: 0, References: 2
CVE
added 2025/08/12 5:55 p.m., 22 views

CVE-2025-49555

CVE-2025-49555 affects Adobe Commerce/Magento Open Source (versions 2.4.9-alpha1 through earlier) with a Cross-Site Request Forgery (CSRF) vulnerability that can lead to privilege escalation when a user is authenticated. Exploitation requires user interaction (victim visits malicious site or clic...

8.1 CVSS, 7 AI score, 0.00368 EPSS
Exploits: 0, References: 1, Affected Software: 1
SUSE Linux
added 2025/07/04 1:31 p.m., 2 views

Security update for vim

This update for vim fixes the following issues: CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss bsc1228776. CVE-2025-29768: Fixed double-free in dialogchanged bsc1239602. Patch Instructions: To install this SUSE update use the SUSE...

6.8 CVSS, 7.2 AI score, 0.00106 EPSS
Exploits: 0, References: 8
Positive Technologies
added 2025/05/19 12:0 a.m., 2 views

PT-2025-35952

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The event seq changed handler in the Linux kernel does not validate the payload size against the message length, potentially leading to out-of-bounds memory access if the firmware provid...

7.1 CVSS, 7 AI score, 0.00017 EPSS
Exploits: 0
ATTACKERKB
added 2025/05/13 9:16 p.m., 1 views

CVE-2025-43560

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and...

9.1 CVSS, 6.4 AI score, 0.11156 EPSS
Exploits: 0, References: 2
OSV
added 2025/04/08 8:15 p.m., 2 views

CVE-2025-30293

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized write access...

6.8 CVSS, 5.8 AI score, 0.00167 EPSS
Exploits: 0, References: 1
OSV
added 2025/04/08 8:15 p.m., 2 views

CVE-2025-30289

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. A low privileged attacker with local access could leverage...

8.2 CVSS, 6.3 AI score, 0.00031 EPSS
Exploits: 0, References: 1
CISA
added 2025/03/26 12:0 p.m., 3 views

Supply Chain Compromise of Third-Party tj-actions/changed-files (CVE-2025-30066) and reviewdog/action-setup@v1 (CVE-2025-30154)

A popular third-party GitHub Action, tj-actions/changed-files, tracked as CVE-2025-30066, was compromised. tj-actions/changed-files is designed to detect which files have changed in a pull request or commit. The supply chain compromise allows for information disclosure of secrets...

8.6 CVSS, 7.1 AI score, 0.91543 EPSS
Exploits: 3, References: 13
HackRead
added 2025/03/17 2:10 p.m., 4 views

Malicious Code Hits ‘tj-actions/changed-files’ in 23,000 GitHub Repos

GitHub security alert: Malicious code found in ‘tj-actions/changed-files,’ impacting 23K+ repos. Learn how to check, remove, and protect…...

7.6 AI score
Exploits: 0
Github Security Blog
added 2025/03/15 6:30 a.m., 27 views

tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs.

Summary: A supply chain attack compromised the tj-actions/changed-files GitHub Action, impacting over 23,000 repositories. Attackers retroactively modified multiple version tags to reference a malicious commit, exposing CI/CD secrets in workflow logs. The vulnerability existed between March 14 and...

8.6 CVSS, 8.8 AI score, 0.91543 EPSS
Exploits: 2, References: 25, Affected Software: 1
OSV
added 2025/03/15 6:15 a.m., 14 views

CVE-2025-30066

tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code...

8.6 CVSS, 8.6 AI score, 0.91543 EPSS
Exploits: 2, References: 21
CNNVD
added 2025/03/15 12:0 a.m., 2 views

changed-files Security Vulnerability

changed-files is tj-actions open source for keeping track of all changed files and directories associated with a target branch, previous commits, or relative paths returned from the project root for the last remote commit. A security vulnerability exists in versions prior to changed-files v46,...

8.6 CVSS, 8.9 AI score, 0.91543 EPSS
Exploits: 2, References: 20
Cvelist
added 2025/03/15 12:0 a.m., 15 views

CVE-2025-30066

tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code...

8.6 CVSS, 0.91543 EPSS
Exploits: 2, References: 19
ATTACKERKB
added 2025/03/15 12:0 a.m., 15 views

CVE-2025-30066

tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code...

8.6 CVSS, 8.6 AI score, 0.91543 EPSS
In wild, Exploits: 2, References: 20