CGA-CHX7-MMJP-V339
Bulletin has no description...
CVE-2025-49583 XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right
XWiki is a generic wiki platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationEmailRendererClass object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can ...
MAL-2025-4802 Malicious code in @loybung/provider-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1dc5e2aaa75780249ef49329cc88e74468511da4956872cadb22549951afb87e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4637 Malicious code in @majidalfuttaim/maf-ui (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2330446b43c4350ffd756e057399577c16b5b7b20767a3a71fc73b20664fe62 Any computer that has this package installed or running should be considered...
CVE-2025-48875 FreeScout Vulnerable to Stored XSS
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of lastname and firstname during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flash-message when the data is deleted...
MAL-2025-4599 Malicious code in nexpi-session (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d4b8f8b92b2eff3d48f438a764913f3c88f02318ff7b4cc2d8783c332e76885b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Project AI Trust Management Issue Vulnerability
Project AI is a platform by Aryan Singh Personal Developer designed to simplify the creation of AI agents using Google AI Studio. Project AI has a trust management issue vulnerability that stems from the presence of hard-coded API keys in the code...
MINI-6P6J-PRF2-MMPW
Bulletin has no description...
MAL-2025-4516 Malicious code in trip-plugins (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0d2290ac829220daaf6f2242ec116548af3053789350c71da7b541e9d65a523f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-33079
Summary of CVE-2025-33079 (IBM Controller information disclosure) Affected products: IBM Controller: version 11.1.0 (and IBM Cognos Controller 11.0.0 – 11.0.1). Root cause / vulnerability: An authenticated user could obtain sensitive credentials that may be inadvertently included within the sourc...
MAL-2025-4446 Malicious code in osuny (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a422d19cd1a77a3b8c8f23546a8b28a164d923cfef3b4fee3187c2bac2d8b19 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4146 Malicious code in @character-tech/client-common (npm)
--- -= Per source details. Do not edit below this line.=-...
⚡ Weekly Recap: Zero-Day Exploits, Insider Threats, APT Targeting, Botnets and More
Cybersecurity leaders aren't just dealing with attacks—they're also protecting trust, keeping systems running, and maintaining their organization's reputation. This week's developments highlight a bigger issue: as we rely more on digital tools, hidden weaknesses can quietly grow. Just fixing...
MAL-2025-3991 Malicious code in fanotify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bad587097321dd0862dbb332c1103171c68338080d4f4a935afd9ed80f56ba3f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3870 Malicious code in api-doc-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4ed9c9d80a7285c6d9eab363f722cabd59b29f3239576a4562e6c881d6ad8899 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-21264
Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...
CVE-2025-21264 Visual Studio Code Security Feature Bypass Vulnerability
MAL-2025-3552 Malicious code in internal-payroll-lib-v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38b57b13614231552ff2a81bd698a53edcac5cfcc943ef879a6a2e1de08d7fed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AiXamine: Simplified LLM Safety and Security
Evaluating Large Language Models (LLMs) for safety and security remains a complex task, often requiring users to navigate a fragmented landscape of ad hoc benchmarks, datasets, metrics, and reporting formats. To address this challenge, we present aiXamine, a comprehensive black-box evaluation...
Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-028
This module enables users to log in using a short access code instead of providing a username/password combination. The module doesn't sufficiently protect against brute force attacks to guess a user's access code. This vulnerability is mitigated by the fact that access code based logins are off ...