Lucene search

210 matches found

CVE
added 2025/08/05 12:12 a.m. · 34 views

CVE-2025-54119

CVE-2025-54119 affects the PHP ADOdb library. In versions 5.22.9 and earlier, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL when using ADOdb to connect to sqlite3 databases and calling metaColumns(), metaForeignKeys(), or metaIndexes() with a crafted table ...

CVSS 10 · AI score 7.6 · EPSS 0.00395
Exploits: 0 · References: 4

Cvelist
added 2025/08/05 12:12 a.m. · 7 views

CVE-2025-54119 ADOdb's sqlite3 driver allows SQL injection

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database a...

CVSS 10 · EPSS 0.00395
Exploits: 0 · References: 3

Vulnrichment
added 2025/08/01 5:41 a.m. · 2 views

CVE-2025-8454

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even...

AI score 7.1 · EPSS 0.00233
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/01 1:16 a.m. · 1 view

CVE-2025-4426

The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...

CVSS 6 · AI score 7.2 · EPSS 0.00092
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/01 1:16 a.m. · 1 view

CVE-2025-4421

The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...

CVSS 8.2 · AI score 7.2 · EPSS 0.00092
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/01 1:16 a.m. · 1 view

CVE-2025-4422

The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...

CVSS 8.2 · AI score 7.2 · EPSS 0.00092
Exploits: 0 · References: 1

OSV
added 2025/07/31 7:42 p.m. · 1 view

MAL-2025-6658 Malicious code in stv-utils-frontend (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits: 0

Cvelist
added 2025/07/30 7:59 p.m. · 7 views

CVE-2025-54583 GitProxy bypasses approvals when pushing multiple branches

GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted...

CVSS 8.3 · EPSS 0.00187
Exploits: 1 · References: 4

OSV
added 2025/07/22 9:13 p.m. · 1 view

MAL-2025-6116 Malicious code in pre-and-postinstall-scripts-example (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4994e0104f427d4e6ac062c0ec26e609127db5c43b703a286194e39d36ae9e9 Any computer that has this package installed or running should be considered...

AI score 7
Exploits: 0 · References: 1

OSV
added 2025/07/22 4:29 p.m. · 4 views

MAL-2025-6125 Malicious code in slf4j-api (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7ccd4cc3b9a566cde097a25dda1efca4dc2bc70d632e77b01f3e21128e03356 Any computer that has this package installed or running should be considered...

AI score 7
Exploits: 0 · References: 1

Positive Technologies
added 2025/07/12 12:0 a.m. · 2 views

PT-2025-29329 · Unknown · Modern Bag

Name of the Vulnerable Software and Affected Versions: Modern Bag version 1.0 Description: A critical issue exists in Modern Bag 1.0, specifically within the /admin/category-list.php file. Manipulation of the idCate argument can lead to a SQL injection. This allows for remote attacks. The exploit...

CVSS 9.8 · AI score 7.8 · EPSS 0.00277
Exploits: 1 · References: 10

OSV
added 2025/07/03 7:20 a.m. · 2 views

MAL-2025-5597 Malicious code in @figshare/old-viewers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b582af08f54b24b027eb8ffb5e56e63e4efff4c947ef2abb5fc552a7476539d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 3

OSV
added 2025/07/02 12:23 p.m. · 1 view

MAL-2025-5559 Malicious code in hardhat-deploy-notification (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d2081250ac75574ee18ddea2caa510104e94d2673de1ad4fa445d96559d2a1f4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 4

OSV
added 2025/07/01 10:28 a.m. · 1 view

MAL-2025-5486 Malicious code in @jpl-encoder/node-encrypt (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea08efcad939fde82573c0498a9821f6099a09c7c0abb4817a55567595576bda Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1

OSV
added 2025/07/01 9:22 a.m. · 1 view

MAL-2025-5515 Malicious code in r6-info.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d5776f3141e453fa085c2ea81f617610e3243fa733cbd8f54d01864a57e54247 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1

RedhatCVE
added 2025/06/29 12:6 a.m. · 6 views

CVE-2025-47820

Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code...

CVSS 2 · AI score 6.7 · EPSS 0.00051
Exploits: 0 · References: 1

NVD
added 2025/06/27 10:15 p.m. · 3 views

CVE-2025-53097

Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's search_files tool did not respect the setting to disable reads outside of the VS Code workspace. This means that an attacker who was able to inject a prompt into the agent coul...

CVSS 7.5 · EPSS 0.00322
Exploits: 0 · References: 3

OSV
added 2025/06/23 3:55 p.m. · 3 views

MAL-2025-6477 Malicious code in chatgpt4 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6a2f99d20569358bdeab51db7e4f6ea0348c87bbf832a7bc244581a472a05072 Importing the module starts shell code execution --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

AI score 7.2
Exploits: 0 · References: 2

OSV
added 2025/06/18 10:45 a.m. · 1 view

MAL-2025-5091 Malicious code in widgets-networkupdatetool (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits: 0

Debian CVE
added 2025/06/18 9:33 a.m. · 3 views

CVE-2025-38058

In the Linux kernel, the following vulnerability has been resolved: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock ... or we risk stealing final mntput from sync umount - raising mnt_count after umount(2) has verified that victim is not busy, but before it has set MNT_SYNC_UMOUNT; in...

CVSS 5.5 · AI score 5.5 · EPSS 0.00068
Exploits: 0