ch.sbb:spring-cloud-stream-binder-solace (>=8.0.0 <=9.0.2), cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3) +135 more potentially affected by CVE-2026-40990 via org.springframework.cloud:spring-cloud-function-context (>=5.0.0-M1 <=5.0.1)

org.springframework.cloud:spring-cloud-function-context MAVEN version =5.0.0-M1, =8.0.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =2.0.0-RC1, =8.0.2 and more Source cves: CVE-202...

cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3), cn.herodotus.dante:dante-logic-identity (>=4.0.0.0-M2 <=4.0.0.0-M3) +25 more potentially affected by CVE-2026-22752 via org.springframework.security:spring-security-oauth2-authorization-server (>=7.0.0-M3 <=7.0.4)

org.springframework.security:spring-security-oauth2-authorization-server MAVEN version =7.0.0-M3, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =0.1.0, =7.0.0-4, =4.0.2.0-M4, =4.0.0.0-M4, =4.0.0.0-M4, =4.0.2.0-M4, =4.0.5.1 and more...

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +679 more potentially affected by CVE-2026-22731 via org.springframework.boot:spring-boot-starter-actuator (>=4.0.0-M1 <=4.0.3)

org.springframework.boot:spring-boot-starter-actuator MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =3.1.0, =3.2.1 and more Source cves: CVE-2026-22731 Source advisory: OSV:GHSA-8HFC-FQ58-R658...

New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails

The threat actor linked to Operation ForumTroll has been attributed to a fresh set of phishing attacks targeting individuals within Russia, according to Kaspersky. The Russian cybersecurity vendor said it detected the new activity in October 2025. The origins of the threat actor are presently...

Malicious code in dante-teadev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a564c9d410408fdf459b399920f1bc5f8e39e6bd9c7de597668404a42beeb34 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-82285

Malicious code in dante-teadev npm...

MAL-2025-101205 Malicious code in dante-teadev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a564c9d410408fdf459b399920f1bc5f8e39e6bd9c7de597668404a42beeb34 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

New Dante Spyware Linked to Rebranded Hacking Team, Now Memento Labs

Kaspersky researchers uncovered Operation ForumTroll, an attack campaign utilising the new 'Dante' spyware developed by Memento Labs, the rebranded Hacking Team. The attacks used a Chrome zero-day vulnerability CVE-2025-2783 and COM hijacking for persistence, confirming the continued deployment o...

Mem3nt0 mori – The Hacking Team is back!

In March 2025, Kaspersky detected a wave of infections that occurred when users clicked on personalized phishing links sent via email. No further action was required to initiate the infection; simply visiting the malicious website using Google Chrome or another Chromium-based web browser was...

EUVD-2024-52645

Malicious code in bioql PyPI...

EUVD-2025-7900

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-54662

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dante 1.4.0 through 1.4.3 fixed in 1.4.4 has incorrect access control for some sockd.conf configurations involving socksmethod. CVE-2024-54662 Note that Nessus...

Dante Discovery < 1.2.1

The version of Dante Discovery installed on the remote Windows host is prior to 1.2.1. It is, therefore, affected by a vulnerability. mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In the...

ROS-20250619-06

Dante proxy server vulnerability is related to improper access restrictions in certain configurations of sockd.conf that includes socksmethod. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the implemented security restrictions. remotely to bypass the...

Fedora: Security Advisory (FEDORA-2024-e922e33593)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

dante-1.4.4-1.1 on GA media (moderate)

dante-1.4.4-1.1 on GA media Announcement ID: openSUSE-SU-2025:15132-1 Rating: moderate Cross-References: CVE-2024-54662 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the dante-1.4.4-1.1...

CVE-2025-2700

A vulnerability classified as problematic has been found in michelson Dante Editor up to 0.4.4. This affects an unknown part of the component Insert Link Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2025-2700

A vulnerability classified as problematic has been found in michelson Dante Editor up to 0.4.4. This affects an unknown part of the component Insert Link Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2025-2700

A vulnerability classified as problematic has been found in michelson Dante Editor up to 0.4.4. This affects an unknown part of the component Insert Link Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2025-2700 michelson Dante Editor Insert Link cross site scripting

A vulnerability classified as problematic has been found in michelson Dante Editor up to 0.4.4. This affects an unknown part of the component Insert Link Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...