CVE-2025-61260

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

CVE-2026-32810 Halloy has insecure file permissions on credential files

Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...

CVE-2026-32810

Halloy is an IRC app written in Rust. Before commit f180e41061db393acf65bc99f5c5e7397586d9cb, Halloy creates its config directory and files with default umask permissions (typically 0644 files, 0755 dirs), allowing any local user to read plaintext credentials in config.toml or referenced password...

PT-2026-26688

Halloy is an IRC application written in Rust. In versions on nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any loc...

Malicious code in node-config-toml-deimos-pegasus (npm)

The package node-config-toml-deimos-pegasus was found to contain malicious code...

MAL-2025-45331 Malicious code in node-config-toml-deimos-pegasus (npm)

The package node-config-toml-deimos-pegasus was found to contain malicious code...