MAL-2025-3956 Malicious code in qlkube-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f3dbf8b78dfd8c62a064365429aad674f445926ed19a43a3ac031b864d3fe2c1 The OpenSSF Package Analysis project identified 'qlkube-docs' @ 3.0.0 npm as malicious. It is considered malicious because: - The package execut...

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.6.0 release.

Red Hat Developer Hub 1.6.0 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

Malicious code in pie-docs (npm)

This package steals IP address and sent it to C&C server in preinstall hook...

MAL-2025-3660 Malicious code in pie-docs (npm)

This package steals IP address and sent it to C&C server in preinstall hook...

org.apache.pulsar:pulsar-io-distribution (>=2.3.0 <=2.7.5), org.apache.pulsar:pulsar-io-docs (>=2.3.0 <=2.7.5) potentially affected by CVE-2025-30677 via org.apache.pulsar:pulsar-io-kafka (>=2.3.0 <=2.7.5)

org.apache.pulsar:pulsar-io-kafka MAVEN version =2.3.0, =2.3.0, =2.3.0, =2.7.5 Source cves: CVE-2025-30677 Source advisory: OSV:GHSA-RCQJ-3FMP-5CQX...

org.apache.pulsar:pulsar-io-distribution (>=2.3.0 <=2.7.5), org.apache.pulsar:pulsar-io-docs (>=2.3.0 <=2.7.5) potentially affected by CVE-2025-30677 via org.apache.pulsar:pulsar-io-kafka (>=2.3.0 <=2.7.5)

org.apache.pulsar:pulsar-io-kafka MAVEN version =2.3.0, =2.3.0, =2.3.0, =2.7.5 Source cves: CVE-2025-30677 Source advisory: SNYK:JAVA-ORGAPACHEPULSAR-9685318...

CVE-2025-32018 Arbitrary file write from Cursor Agent through a prompt injection from malicious @Docs

Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the us...

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.4.3 release.

Red Hat Developer Hub 1.4.3 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

CVE-2025-31417

Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through 2.2.7...

CVE-2025-31417

Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through 2.2.7...

CVE-2025-31417 WordPress WP Docs plugin < 2.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Docs: from n/a through n/a...

CVE-2025-31417

Technical details about CVE-2025-31417 (WP Docs) are not provided in the supplied documents. No root cause, affected versions, impact, remediation, or exploit status are available here; please monitor official advisories for updates.

CVE-2025-31417 WordPress WP Docs plugin < 2.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through 2.2.7...

WordPress plugin WP Docs 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress WP Docs plugin < 2.2.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin WP Docs versions 2.2.7...

Security Bulletin: IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to information disclosure and weaker security (CVE-2022-43901, CVE-2022-43900)

Summary IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps could disclose sensitive information and contain weaker than expected security. This has been addressed. Vulnerability Details CVEID:CVE-2022-43901 DESCRIPTION: IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps could...

UBUNTU-CVE-2025-2720

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: According to the code maintainer the call of the POC is invalid because the buffer pointed to by "data...

airunner (>=3.0.0 <=3.1.7), llama-index-packs-arize-phoenix-query-engine (>=0.0.2 <=0.1.4) +2 more potentially affected by CVE-2024-12910 via llama-index-readers-web (>=0.0.1 <=0.2.4)

llama-index-readers-web PYPI version =0.0.1, =3.0.0, =0.0.2, =0.1.0, =0.1.0, =0.2.8 Source cves: CVE-2024-12910 Source advisory: SNYK:PYTHON-LLAMAINDEXREADERSWEB-9510943...

DRUPAL-CONTRIB-2025-025

This module can be used to render Open API Documentation using the RapiDoc library. The module provides a custom formatter for link fields. Drupal core does not sufficiently sanitize link element attributes, which can lead to a Cross Site Scripting vulnerability XSS. A separate fix for Drupal cor...

Malicious code in antlir2-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 580dffd4893c96ae46965b4244381b9fcc03d13cdd1cf32b89bb7a0eee2521e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...