EUVD-2026-36421

@nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent incomplete fix for GHSA-6m52-m754-pw2g...

CVE-2026-49993

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21.7 and 4.0.0 to before 4.4.7, there is an incomplete fix for GHSA-6m52-m754-pw2g. Source code may still be stolen during dev when using the webpack /...

CVE-2026-49993

Nuxt (Vue.js) users using the @nuxt/rspack-builder and @nuxt/webpack-builder are affected. The CVE concerns an incomplete fix for GHSA-6m52-m754-pw2g in versions 3.15.4–3.21.6 and 4.0.0–4.4.6, where the dev server could leak source code if bound to a non-loopback address and a malicious site is o...

PT-2026-48868

Name of the Vulnerable Software and Affected Versions @nuxt/rspack-builder versions 3.15.4 through 3.21.6 @nuxt/rspack-builder versions 4.0.0 through 4.4.6 @nuxt/webpack-builder versions 3.15.4 through 3.21.6 @nuxt/webpack-builder versions 4.0.0 through 4.4.6 Description An incomplete fix in the...

Exposed Dangerous Method or Function

Overview webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in Server.js, when handling non-HTTPS responses. An attacker can...

Hackers Are Posting the Claude Code Leak With Bonus Malware

Plus: The FBI says a recent hack of its wiretap tools poses a national security risk, attackers stole Cisco source code as part of an ongoing supply chain hacking spree, and more...

Anthropic Leaks 512,000 Lines of Claude AI Code in Major Blunder

Human error exposed 512,000+ lines of Anthropic Claude AI Code, revealing KAIROS and Capybara secrets, pushing users to switch to the Native Installer...

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence AI coding assistant, Claude Code, had been inadvertently released due to a human error. "No sensitive customer data or credentials were involved or exposed," an Anthropic spokesperson said in a statement...

Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations

Cybersecurity researchers have disclosed a cross-site scripting XSS vulnerability in the web-based control panel used by operators of the StealC information stealer, allowing them to gather crucial insights on one of the threat actors using the malware in their operations. "By exploiting it, we...

CVE-2025-55183

A flaw was found in React Server Components RSC. This vulnerability allows an information leak, where a specifically crafted HTTP Hypertext Transfer Protocol request to a vulnerable Server Function can unsafely return its source code. Exploitation requires a Server Function that explicitly or...

CVE-2025-12616

PHPGurukul News Portal 1.0 contains an information disclosure flaw in an unknown function of /onps/settings.py. Manipulation can insert sensitive data into debugging code, enabling remote exploitation. The vulnerability is exploitable remotely, with high attack complexity, and public exploit avai...

EUVD-2019-0551

Malware in sbrugna...

EUVD-2019-8562

Malware in sbrugna...

EUVD-2023-39050

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-3413

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions...

ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure

Cybersecurity researchers have detailed the inner workings of an Android banking trojan called ERMAC 3.0, uncovering serious shortcomings in the operators' infrastructure. "The newly uncovered version 3.0 reveals a significant evolution of the malware, expanding its form injection and data theft...

Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN

Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application. A brief description of the three flaws is as follows -...

Next.js 安全漏洞

Next.js is a React framework open-sourced by Vercel. A security vulnerability exists in versions of Next.js prior to 13.0 through 15.2.2, which stems from a possible source code leak when the App Router is enabled on the development server...

CVE-2020-29041

A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension code review. Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contai...

CVE-2019-1010294

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: opteeos. The fixed version is: 3.4.0 and later...