MAL-2025-190940 Malicious code in url-encode-decode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37ce07aaa237eff3cc95c7bb560f4096191d2d5328de45f176f3f8662ca7cd34 The package url-encode-decode was found to contain malicious code. Source: ghsa-malware...

123cli-guessing-game (=1.0.0), @slatwall/cra-template-ultra-commerce-storefront (>=0.2.0 <=0.3.3) +5 more potentially affected by unknown CVE via url-encode-decode (=1.0.0)

url-encode-decode NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on url-encode-decode and may be impacted: - 123cli-guessing-game =1.0.0 - @slatwall/cra-template-ultra-commerce-storefront =0.2.0, =0.6.0, =1.0.0, =1.0.1, =0.1.0, =0.3.2...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1249859. CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfsparseparam bsc1249857...

SUSE-SU-2025:4149-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1249859. - CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfsparseparam bsc124985...

TencentOS Server 4: python3.12 (TSSA-2025:0530)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0530 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVE-2025-64765 Astro middleware authentication checks based on url.pathname can be bypassed via url encoded values

Astro is a web framework. Prior to version 5.15.8, a mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI to determine which route to render, while the...

Mozilla Thunderbird < 52.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-13 advisory. - Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex...

SUSE-SU-2025:4111-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1249859. - CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfsparseparam bsc1249857. ...

OSV-2025-900 Heap-buffer-overflow in DecodeFrame

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=460575093 Crash type: Heap-buffer-overflow READ Crash state: DecodeFrame testdecoderprocess EsOutSend...

EUVD-2025-178288

Malicious code in java-socket-cluster-decode-catch npm...

EUVD-2025-175785

Malicious code in upsilon-decode-catch-log-function npm...

EUVD-2025-180520

Malicious code in abstract-mu-kappa-authenticate-decode npm...

Malicious code in quick-decode-transpile-array-wind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 789be1eb5319667c7103faae653520c2ac40f78ca9957e497f34f7395845b3d5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-179381

Malicious code in decode-info-new-finally-new npm...

EUVD-2025-179251

Malicious code in double-decode-encrypt-cache-bundle npm...

EUVD-2025-179383

Malicious code in decode-authenticate-final-delta-enum npm...

EUVD-2025-179058

Malicious code in error-bash-monitor-stack-decode npm...

Malicious code in mu-dog-proxy-decode-unix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88cdfbf38d06291aae96e832f05b29f00cfd35589943f585837dc348ec6b1fce This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-176082

Malicious code in table-old-sun-await-decode npm...

EUVD-2025-175752

Malicious code in user-boolean-info-decode-try npm...