@ant-design/charts (>=1.0.17-beta.1 <=1.1.4-alpha.0), @thcloud/vmap (>=1.0.1 <=1.0.2) +7 more potentially affected by unknown CVE via @antv/l7-district (=2.3.12)

@antv/l7-district NPM version =2.3.12 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/l7-district and may be impacted: - @ant-design/charts =1.0.17-beta.1, =1.0.1, =0.1.0, =4.4.1, =1.0.13, =1.0.0, =1.0.0, =2.0.2, =2.1.8 Source cves: unknown CVE...

Malicious code in @antv/l7-district (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

CVE-2026-32843

A reflected cross-site scripting (XSS) vulnerability affects Location Aware Sensor System by LinkIt ONE up to commit f06bd20 (2023-04-26) in PM25.php. The issue arises from allowing unencoded payloads via GET parameters (site, city, district, channel, or apikey), enabling remote attackers to exec...

MomentProof Deploys Patented Digital Asset Protection

Washington, DC, 4th February 2026, CyberNewsWire...

ServiceNow Platform Jelly Template Injection (CVE-2024-4879)

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington, D.C. Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. Note that Nessus has not tested for thes...

EUVD-2014-6844

Malware in sbrugna...

How Los Angeles banned smartphones in schools (Lock and Code S06E10)

This week on the Lock and Code podcast … There's a problem in class today, and the second largest school district in the United States is trying to solve it. After looking at the growing body of research that has associated increased smartphone and social media usage with increased levels of...

Linux Distros Unpatched Vulnerability : CVE-2019-8457

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode function when handling invalid rtree tables. CVE-2019-8457...

CVE-2024-4879

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted...

Former CIA Engineer Sentenced to 40 Years for Leaking Classified Documents

A former software engineer with the U.S. Central Intelligence Agency CIA has been sentenced to 40 years in prison by the Southern District of New York SDNY for transmitting classified documents to WikiLeaks and for possessing child pornographic material. Joshua Adam Schulte, 35, was originally...

SolarWinds and its CISO accused of misleading investors before major cyberattack

The Securities and Exchange Commission SEC has announced charges against software company SolarWinds Corporation and its chief information security officer CISO, Timothy G. Brown, for “fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities.” In 202...

district-foot-lot.fff.fr Cross Site Scripting vulnerability OBB-3760553

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

app.ridgewood.k12.nj.us Cross Site Scripting vulnerability OBB-3424699

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

reservations.geaugaparkdistrict.org Cross Site Scripting vulnerability OBB-3409696

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

The Tragic Fallout From a School District’s Ransomware Breach

Plus: Cyber Command’s disruption of Iranian election hacking, an exposé on child sex trafficking on Meta’s platforms, and more...

bacolorwaterdistrict.gov.ph Cross Site Scripting vulnerability OBB-3243818

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

reservations.geaugaparkdistrict.org Cross Site Scripting vulnerability OBB-3178903

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

US school district sues Facebook, Instagram, Snapchat, TikTok over harm to kids

Public schools in a Seattle district filed a lawsuit on Friday against parent companies of the biggest social networks on the internet, alleging social media is to blame for "a youth mental health crisis", and saying these companies have purposefully designed, refined, and operated their platform...

DHIS 2 安全漏洞

DHIS 2 is a software application. A flexible information system for data capture, management, validation, analysis and visualization. A security vulnerability exists in DHIS 2 core versions 2.34, 2.35, 2.36, 2.37, 2.38, and 2.39, which originates from the fact that a DHIS 2 user who has the right...

reservations.geaugaparkdistrict.org Cross Site Scripting vulnerability OBB-2982138

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...