47 matches found

The Hacker News
added yesterday, 3 views

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user's token and get it, then read email, open files, browse t...

CVSS 7.7, AI score 5.8, EPSS 0.00046
Exploits: 0

CVE
added 2026/05/27 8:08 p.m., 8 views

CVE-2026-47271

The CVE affects pam_usb prior to version 0.9.0, where out-of-memory guards in src/mem.c (xmalloc/xrealloc/xstrdup) were removed when NDEBUG is defined. With no NULL checks after allocation, NULL pointer dereferences occur, causing a crash in the PAM module loaded by sudo or login and leading to l...

CVSS 5.1, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 2

EUVD
added 2026/05/19 12:49 p.m., 6 views

EUVD-2026-30925

Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert triggering. In case xenstored was built with NDEBUG defined nothing bad will happen, as assert is doing nothing in this case. Note that the default is not to define NDEBUG for xenstore...

CVSS 6.5, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 1

OSV
added 2026/03/23 7:16 a.m., 0 views

UBUNTU-CVE-2026-23555

Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...

CVSS 7.1, AI score 5.8, EPSS 0.00006
Exploits: 0, References: 3

Snyk
added 2026/03/06 9:03 p.m., 2 views

Cross-site Scripting (XSS)

Overview: std/html/template is a Go standard library package. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Go Vulnerability Report: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the met...

CVSS 6.1, AI score 5.5, EPSS 0.00013
Exploits: 0, References: 3

Microsoft KB
added 2026/02/10 4:00 p.m., 8 views

Description of the security update for SharePoint Server 2019 Language Pack: February 10, 2026 (KB5002836)

Description of the security update for SharePoint Server 2019 Language Pack: February 10, 2026 (KB5002836). Summary: Important: If you're running 2013-type workflows, you must install the August 2025 update for SharePoint Workflow Manager to your farm before you install this cumulative update. ...

CVSS 7.5, AI score 5.5, EPSS 0.00347
Exploits: 0

Microsoft KB
added 2026/01/13 4:00 p.m., 13 views

Description of the security update for SharePoint Server Subscription Edition: January 13, 2026 (KB5002822)

Description of the security update for SharePoint Server Subscription Edition: January 13, 2026 (KB5002822). Summary: Important: If you're currently running SharePoint Workflow Manager, you must install SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If...

CVSS 9.8, AI score 7, EPSS 0.05286
Exploits: 0

OSV
added 2025/11/13 10:32 p.m., 3 views

GHSA-7F2V-3QQ3-VVJF Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable

Impact: Applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. 1. Use vega in an application that attaches vega library and a vega.View instance similar to the Vega Editor to the global window. 2. Allow user-defined...

CVSS 8.1, AI score 6.8, EPSS 0.00034
Exploits: 0, References: 7

Snyk
added 2025/11/13 8:43 p.m., 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the toString function in environments where the VEGA_DEBUG global variable is present. An attacker can execute arbitrary JavaScript code by supplying crafted Vega JSON definitions that abuse expression...

CVSS 8.1, AI score 5.5, EPSS 0.00034
Exploits: 0, References: 2

CVE
added 2025/11/13 7:54 p.m., 11 views

CVE-2025-59840

CVE-2025-59840 (Vega XSS): The vulnerability affects Vega prior to 6.2.0 where an application that attaches the Vega library and a global vega.View instance to window and allows user-defined Vega JSON can be exploited to execute arbitrary JavaScript, even with safe mode expressionInterpreter. Th...

CVSS 8.1, AI score 6.6, EPSS 0.00034
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2003-1068

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.00602
Exploits: 0, References: 6

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-5986

Malware in sbrugna...

CVSS 6.5, AI score 6.4, EPSS 0.00465
Exploits: 1, References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2009-2703

Malware in sbrugna...

CVSS 2.1, AI score 6, EPSS 0.00057
Exploits: 0, References: 7

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2024-3313

Malicious code in bioql PyPI...

CVSS 2.1, AI score 6.3, EPSS 0.00086
Exploits: 0, References: 5

RedhatCVE
added 2025/05/23 8:03 a.m., 2 views

CVE-2024-51752

The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions refresh tokens are logged to the console when the debug flag, which is disabled by default, is enabled. This issue has been patched in version 0.13...

CVSS 5.5, AI score 7, EPSS 0.00182
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 6:23 a.m., 3 views

CVE-2024-51753

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions refresh tokens are logged to the console when the debug flag, which is disabled by default, is enabled. This issue has been patched in version 0.4.1. A...

CVSS 2.1, AI score 7, EPSS 0.00086
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 4:33 a.m., 6 views

CVE-2019-14871

The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds)...

CVSS 6.5, AI score 7, EPSS 0.00465
Exploits: 1, References: 1

Veracode
added 2024/11/14 9:20 a.m., 6 views

Information Exposure

@workos-inc/authkit-remix is vulnerable to Information Exposure. The vulnerability is due to the debug flag being enabled, which allows an attacker to view refresh tokens logged to the console...

CVSS 2.1, AI score 6.5, EPSS 0.00086
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2024/11/05 8:15 p.m., 13 views

CVE-2024-51753

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions refresh tokens are logged to the console when the debug flag, which is disabled by default, is enabled. This issue has been patched in version 0.4.1. A...

CVSS 2.1, EPSS 0.00086
Exploits: 0, References: 3

CVE
added 2024/11/05 7:16 p.m., 44 views

CVE-2024-51752

The CVE-2024-51752 entry concerns the AuthKit Next.js library for WorkOS/AuthKit integration. Affected versions log refresh tokens to the console when the debug flag is enabled, enabling potential token exposure through logs. The issue has a patched fix in version 0.13.2; upgrading to that versio...

CVSS 5.5, AI score 6.7, EPSS 0.00182
Exploits: 0, References: 3, Affected Software: 1