4243 matches found
Malicious code in chia-dev-guides (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 346392e0fae6d3a254175cbf00c6b2ebbac781151d1eb9fe24079457e807b317 The OpenSSF Package Analysis project identified 'chia-dev-guides' @...
MAL-2025-5644 Malicious code in chia-dev-guides (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 346392e0fae6d3a254175cbf00c6b2ebbac781151d1eb9fe24079457e807b317 The OpenSSF Package Analysis project identified 'chia-dev-guides' @...
Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left Open
Understanding the risks and impact of deploying dev-mode in production environments...
CVE-2025-49492
Out-of-bounds write in ASR180x in lte-telephony, may cause a buffer underrun. This vulnerability is associated with program files apps/atcmdserver/src/devapi.C. This issue affects FalconLinux, Kestrel, LapwingLinux: before v1536...
Asrmicro ASR Series Security Vulnerability
Asrmicro ASR Series is a series of chips from Avantage Technology Asrmicro, a Chinese company. A security vulnerability exists in Asrmicro ASR Series, which originates from an out-of-bounds write to the devapi.C file in lte-telephony that could result in a buffer underflow...
DEBIAN-CVE-2025-38087
In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in taprio_dev_notifier. Since taprio’s taprio_dev_notifier isn’t protected by an RCU read-side critical section, a race with advance_sched can lead to a use-after-free. Adding rcu_read_lock inside...
PT-2025-33574
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw where the indio dev-dev structure is used before initialization in various probe functions. This can lead to a kernel panic when functions like devm...
MAL-2025-5297 Malicious code in pkg-dev-deps-only (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 485d0ed1b5c95a60c68f04e0d03f68c9cb74cf2f0d2cc2181b99be5b1b8d7dc5 Any computer that has this package installed or running should be considered...
Exploit for CVE-2025-30208
🔥 CVE-2025-30208 Vite Arbitrary File Read Vulnerability Scanne...
MAL-2025-5312 Malicious code in nordic-dev-ts (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1745e8aa07b56cf04bc594aa60fb250b98666d7c3c65514c610e4e55b39ec70f Any computer that has this package installed or running should be considered...
Malicious code in nordic-dev-ts (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1745e8aa07b56cf04bc594aa60fb250b98666d7c3c65514c610e4e55b39ec70f Any computer that has this package installed or running should be considered...
CVE-2025-6518
A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argument usermessage leads to imprope...
CVE-2025-49845
Discourse is an open-source discussion platform. The visibility of posts typed whisper is controlled via the whispers_allowed_groups site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed whisper. However, it has been discovered that users of...
CVE-2025-49845 Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers
Discourse is an open-source discussion platform. The visibility of posts typed whisper is controlled via the whispers_allowed_groups site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed whisper. However, it has been discovered that users of...
Discourse Information Disclosure Vulnerability
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email, and chat rooms. An information disclosure vulnerability exists in Discourse versions prior to 3.4.6 and prior to 3.5.0.beta8-dev, which stems from users...
CVE-2025-47943 Gogs stored XSS in PDF renderer
Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side JavaScript code execution. The vulnerability is caused by the usage of a vulnerable and outdated componen...
CVE-2025-6518 PySpur-Dev pyspur Jinja2 Template single_llm_call.py SingleLLMCallNode special elements used in a template engine
A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argument usermessage leads to imprope...