MAL-2025-48971 Malicious code in @msdyn365-commerce-marketplace/tax-registration-numbers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71449dcdb918b9b8c54b5420fd4cd57a99e84a172a53b0725bb39e1f6591b7bb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @team-event/models (npm)

The package @team-event/models was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6769b5703bfb1b74cb1db2c7bf3e87a4abfcc35e4e3fd588c284080cb96583e2 Any computer that has this package installed or running should be considered fully...

CVE-2024-48848

Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVE-2024-13930 Authenticated Unchecked Loop Condition

An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

PT-2024-15397 · Unknown · Devise-Two-Factor

Name of the Vulnerable Software and Affected Versions: Devise-Two-Factor affected versions not specified Description: The issue concerns Devise-Two-Factor not throttling or restricting login attempts at the server by default. When combined with the Time-based One Time Password algorithm's TOTP...

Code injection

It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure...

Kernel.org Server Rooted and 448 users credentials compromised

Kernel.org Server Rooted and 448 users credentials compromised The main kernel.org page is currently carrying a notice that the site has suffered a security breach. "Earlier this month, a number of servers in the kernel.org infrastructure were compromised. We discovered this August 28th. While we...

Novell Groupwise WebAccess Multiple Cross-Site Scripting Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Novell Groupwise WebAccess. Authentication is notrequired to exploit this vulnerability. The specific flaw exists within handling html messages sent to a Novell GroupwiseWebAccess use...