CVE-2025-59144

CVE-2025-59144 concerns the npm package debug . On 8 Sep 2025, the npm publishing account was taken over via phishing and version 4.4.2 was published with a malware payload that attempts to redirect cryptocurrency transactions in browser environments (e.g., via direct script inclusion or bundlers...

CVE-2025-59144 [email protected] contains malware after npm account takeover

debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency...

CVE-2025-58172

drawnix is an all in one open-source whiteboard tool. In drawnix versions through 0.2.1, a cross-site scripting XSS vulnerability exists in the debug logging functionality. User controlled content is inserted directly into the DOM via innerHTML without sanitization when the global function...

CVE-2025-58172 drawnix debug logging cross-site scripting vulnerability

drawnix is an all in one open-source whiteboard tool. In drawnix versions through 0.2.1, a cross-site scripting XSS vulnerability exists in the debug logging functionality. User controlled content is inserted directly into the DOM via innerHTML without sanitization when the global function...

CVE-2025-58172 drawnix debug logging cross-site scripting vulnerability

drawnix is an all in one open-source whiteboard tool. In drawnix versions through 0.2.1, a cross-site scripting XSS vulnerability exists in the debug logging functionality. User controlled content is inserted directly into the DOM via innerHTML without sanitization when the global function...

CVE-2025-58172 drawnix debug logging cross-site scripting vulnerability

drawnix is an all in one open-source whiteboard tool. In drawnix versions through 0.2.1, a cross-site scripting XSS vulnerability exists in the debug logging functionality. User controlled content is inserted directly into the DOM via innerHTML without sanitization when the global function...

CVE-2025-58172

The CVE-2025-58172 issue affects drawnix versions through 0.2.1, where the debug logging logger inserts untrusted content directly into the DOM via innerHTML without sanitization (in apps/web/src/app/app.tsx). The root cause is unsanitized user-controlled data being written to the DOM through the...

CVE-2022-50296

CVE-2022-50296 affects the Linux kernel where cpu_max_bits_warn() would warn when CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are enabled while displaying /proc/cpuinfo. The root cause is using NR_CPUS to iterate CPUs instead of the runtime limit nr_cpu_ids, which leads to a runtime war...

CVE-2022-50296 UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK

In the Linux kernel, the following vulnerability has been resolved: UM: cpuinfo: Fix a warning for CONFIGCPUMASKOFFSTACK When CONFIGCPUMASKOFFSTACK and CONFIGDEBUGPERCPUMAPS is selected, cpumaxbitswarn generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using...

DEBIAN-CVE-2023-53183

In the Linux kernel, the following vulnerability has been resolved: btrfs: exit gracefully if reloc roots don't match BUG Syzbot reported a crash that an ASSERT got triggered inside preparetomerge. CAUSE The root cause of the triggered ASSERT is we can have a race between quota tree creation and...

CVE-2023-53183

...

CVE-2023-53183

CVE-2023-53183 is rejected/not used and not an active vulnerability entry.

GHSA-QJ3P-XC97-XW74 MetaMask SDK indirectly exposed via malicious [email protected] dependency

Who is affected? This advisory only applies to developers who use MetaMask SDK in the browser and who, on Sept 8th 2025 between 13:00–15:30 UTC, performed one of the following actions and then deployed their application: - Installed MetaMask SDK into a project with a lockfile for the first time -...

MetaMask SDK indirectly exposed via malicious [email protected] dependency

Who is affected? This advisory only applies to developers who use MetaMask SDK in the browser and who, on Sept 8th 2025 between 13:00–15:30 UTC, performed one of the following actions and then deployed their application: - Installed MetaMask SDK into a project with a lockfile for the first time -...

CVE-2025-10433

A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can be executed remotely. The exploit has been...

CVE-2025-10433

A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can be executed remotely. The exploit has been...

CVE-2025-10433 1Panel-dev MaxKB debug deserialization

A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can be executed remotely. The exploit has been...

CVE-2025-10433

1Panel-dev MaxKB versions up to 2.0.2/2.1.0 are affected by a vulnerability in the handling of the file /admin/api/workspace/default/tool/debug, where manipulation of the code argument can lead to a deserialization attack. The issue is exploitable remotely and has publicly disclosed proofs of con...

CVE-2025-10433 1Panel-dev MaxKB debug deserialization

A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can be executed remotely. The exploit has been...

PT-2025-37726

Name of the Vulnerable Software and Affected Versions: drawnix versions through 0.2.1 Description: drawnix is an all-in-one open-source whiteboard tool. A cross-site scripting XSS issue exists in the debug logging functionality. User-controlled content is inserted directly into the DOM via...