19 matches found
Malicious code in fca-eryxenx (npm)
Source: amazon-inspector 7569b032ce4e06251ebfe06b4fc124689f20ca0a7e14b5b2395dc7295bfa18c6 The package's documented login API — loginemail, password, twofactor — POSTs the caller's Facebook email, password, and 2FA secret to...
PT-2025-45058
Name of the Vulnerable Software and Affected Versions Fortinet Secure Access versions prior to 14.12 Description This is a denial of service issue discovered internally. An attacker can send a specially crafted packet to a server configured in a non-default manner, leading to a server crash...
EUVD-2025-3168
Malicious code in bioql PyPI...
OESA-2025-1134 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication...
SUSE CVE-2025-23419
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
ALPINE-CVE-2025-23419
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
DEBIAN-CVE-2025-23419
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
UBUNTU-CVE-2025-23419
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
CVE-2025-23419
CVE-2025-23419 affects nginx where multiple server blocks share an IP/port and an attacker can reuse TLS session tickets or the SSL session cache to bypass client certificate authentication on the default server. The issue stems from how session resumption is handled when the default server perfo...
Open Design Alliance CDE inWEB SDK Security Vulnerability
Open Design Alliance CDE inWEB SDK is a web application from the Open Design Alliance (ODA) for editing, creating and viewing DWGs. A security vulnerability exists in versions of the Open Design Alliance CDE inWEB SDK prior to 2025.3, which arises from the installation of CDE...
Red Hat Undertow Security Vulnerability
Red Hat Undertow is a Java-based embedded web server from Red Hat, Inc. and is the default web server for Wildfly Java Application Server. Red Hat Undertow has a security vulnerability that stems from the presence of a path traversal vulnerability that could allow a remote attacker to access...
Red Hat Undertow Security Vulnerability
Red Hat Undertow is a Java-based embedded web server from Red Hat, Inc. and is the default web server for Wildfly Java Application Server. A security vulnerability exists in Red Hat Undertow. An attacker could exploit this vulnerability to cause a denial of service on the system...
Remote Mouse 4.110 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Remote Mouse RCE', 'Description' = %q This module utilizes the Remote Mouse Server by Emote Interactive protocol to deploy a payload and run it...
Nextcloud Information Disclosure Vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An information disclosure vulnerability exists in the Nextcloud iOS App that originates from the default Nextcloud Server and iOS Client leaking shared searches to...
Authorization Bypass
jupyterhub-kubespawner is vulnerable to authorization bypass. An attacker is able to submit specific usernames which will grant access to the default server of other users who use the same username...
Red Hat Undertow Environment Issues Vulnerabilities
Red Hat Undertow is a Java-based embedded web server from Red Hat, Inc. (USA) and is the default web server for the Wildfly Java application server. An environment issue vulnerability exists in versions prior to Red Hat Undertow 2.1.1.Final. An attacker could exploit this vulnerability to cause HTTP requests...
Multiple TIBCO Software Products Path Traversal Vulnerabilities
TIBCO Software Jaspersoft JasperReports Server is a report generation tool from TIBCO Software, USA. The product supports PDF, HTML, XLS, CSV and XML file output formats. A path traversal vulnerability exists in the default server configuration component of several TIBCO Software products, which...
Ubiquiti Networks Hardcoded Keys / Remote Management
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Insecure default configuration product: various Ubiquiti Networks products vulnerable version: see Vulnerable / tested versions fixed version: none available impact: High...
Matt Wright guestbook.pl Arbitrary Command Execution
No description provided by source. $Id: guestbookssiexec.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...