Malicious code in solidity-utils-docify (npm)
The package solidity-utils-docify was found to contain malicious code...
Metasploit Weekly Wrap-Up 08/28/2025
New module content 2 Pretalx Arbitrary File Read/Limited File Write Authors: Stefan Schiller and msutovsky-r7 Type: Auxiliary and Exploit Pull request: 20480 contributed by msutovsky-r7 Path: auxiliary/scanner/http/pretalxfilereadcve202328459 and exploit/linux/http/pretalxrcecve202328458 Attacker...
@alfresco/aca-generators (>=1.0.0 <=1.0.1), @alfresco/adw-generators (>=1.0.0 <=1.0.1) +98 more potentially affected by CVE-2025-10894 via nx (>=21.5.1-beta.3 <=21.7.0-canary.20250930-e144408)
nx NPM version =21.5.1-beta.3, =1.0.0, =1.0.0, =0.0.1, =11.0.0, =0.52.0, =2.23.0, =0.7.10, =1.0.0, =3.22.0, =9.0.0-next.68, =1.4.0, =3.1.1, =1.0.0, =1.1.2 and more Source cves: CVE-2025-10894 Source advisory: OSV:MAL-2025-41443...
[SECURITY] Fedora 41 Update: python3-docs-3.13.7-1.fc41
The python3-docs package contains documentation on the Python 3 programming language and interpreter...
Fedora: Security Advisory (FEDORA-2025-62fe746ed0)
The remote host is missing an update for the...
Important: Red Hat Security Advisory: RHTAS 1.2.1 - Red Hat Trusted Artifact Signer Release
The 1.2.1 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.2 The RHTAS Operator can be used with OpenShift Container Platform 4.15, 4.16, 4.17, 4.18...
Command Injection
mcp-package-docs is vulnerable to command injection. The vulnerability is due to unsanitized input passed to child_process.exec, which allows an attacker to inject arbitrary system commands and achieve remote code execution under the server process's privileges...
Security Bulletin: Common vulnerabilities discovered in Spark2 executables released with Cloudera Observability on Premises with IBM Version 3.5.3
Summary: Cloudera Observability on premises with IBM 3.5.3 ships with Spark 2 executables, however, the application runs on Spark 3. This security bulletin identifies a set of common vulnerabilities found in the Spark 2 libraries. Spark 2 has reached End of Support (EOS). Clients are advised to use...
Malicious code in python-amazon-doc-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 17e1f33275376bf6eef8f0ff4a1f42b8a45bada7b53462c827f397b7554bc2b0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
docs
It is an of...
OpenAPI Documentation for Spin Apps with Rust
Learn how to create, customize, and serve OpenAPI Documentation from within Spin apps written in Rust...
AutoBnB-RAG: Enhancing Multi-Agent Incident Response with Retrieval-Augmented Generation
Incident response (IR) requires fast, coordinated, and well-informed decision-making to contain and mitigate cyber threats. While large language models (LLMs) have shown promise as autonomous agents in simulated IR settings, their reasoning is often limited by a lack of access to external knowledge. ...
Malicious code in metaoffice-documentation (npm)
The package metaoffice-documentation was found to contain malicious code...
MAL-2025-26239 Malicious code in metaoffice-documentation (npm)
The package metaoffice-documentation was found to contain malicious code...
MAL-2025-32863 Malicious code in seaborn-doc-zh (npm)
The package seaborn-doc-zh was found to contain malicious code...
CVE-2025-8948
A vulnerability was determined in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be...
Fedora 42 : python3-docs / python3.13 (2025-1a9ad70c05)
The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-1a9ad70c05 advisory. 3.13.6 is the sixth maintenance release of 3.13, containing around 200 bugfixes, build improvements and documentation changes since 3.13.5. ---- This update...
CLSA-2025-1755113204 Fix CVE(s): CVE-2025-29088
SECURITY UPDATE: denial of service issue due to incorrect memory allocations - debian/patches/CVE-2025-29088.patch: harden the SQLITE_DBCONFIG_LOOKASIDE interface against misuse, such as described in forum post 48f365daec Enhancements to the SQLITE_DBCONFIG_LOOKASIDE documentation - CVE-2025-29088...
[SECURITY] Fedora 42 Update: python3-docs-3.13.6-1.fc42
The python3-docs package contains documentation on the Python 3 programming language and interpreter...
curl: Insecure WebSocket Usage in curl Documentation and Examples (CWE-319: Cleartext Transmission of Sensitive Information)
The curl source repository contains official documentation and example code that demonstrate WebSocket connections using the insecure ws:// protocol instead of the secure wss://. This misleading guidance may encourage developers to implement cleartext WebSocket endpoints, exposing users and...