MAL-2025-139321 Malicious code in alphard-eclipse-deneb-atlas (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 669350bcf59eb37c221ae4778203358027c54bfef1008f0df4c38b211cf9331c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Security Bulletin: Due to the use of Eclipse JGit, IBM webMethods Integration is affected by denial of service, and other security issues.

Summary Eclipse JGit is used by IBM webMethods Integration in repository function CVE-2025-4949 Vulnerability Details CVEID:CVE-2025-4949 DESCRIPTION: In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implemen...

Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery

Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code VS Code extensions published in the marketplace. The action comes following a report from cloud security company Wiz earlier...

Linux Distros Unpatched Vulnerability : CVE-2025-11965

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidd...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in IBM Java

Summary IBM Sterling Control Center is affected by vulnerabilities in IBM Java CVE-2025-21587, CVE-2025-30698, CVE-2025-2900 and CVE-2025-4447 Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote...

pgcodekeeper 安全漏洞

pgCodeKeeper is an open source Eclipse plugin for database schema management from pgCodeKeeper. A security vulnerability exists in pgcodekeeper version 10.12.0, which stems from storing passwords and usernames in clear text and could lead to the disclosure of sensitive information...

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.24.0 Release.

Red Hat OpenShift Dev Spaces 3.24.0 has been released. Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.24 release is based on...

Eclipse BlueChi 安全漏洞

Eclipse BlueChi is an open source service control and state management software for Eclipse. A security vulnerability exists in Eclipse BlueChi that originates from a user with root privileges being able to create or overwrite systemd service unit files on managed nodes, which could lead to...

EUVD-2025-35364

Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names...

EUVD-2025-35593

Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories...

CVE-2025-11966

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path...

CVE-2025-11965

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them e.g. '.git/config'...

CVE-2025-11965

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them e.g. '.git/config'...

CVE-2025-11965

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them e.g. '.git/config'...

CVE-2025-11965

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them e.g. '.git/config'...

CVE-2025-11965

The CVE-2025-11965 issue affects Eclipse Vert.x: versions 4.0.0–4.5.21 and 5.0.0–5.0.4 contain a misconfiguration in StaticHandler that fails to restrict access to hidden directories, enabling unauthorized access to files inside them (for example, .git/config). The available connected documents c...

CVE-2025-11966

CVE-2025-11966 affects Eclipse Vert.x with directory listing enabled: when using Vert.x 4.0.0–4.5.21 and 5.0.0–5.0.4, file/directory names are inserted into generated HTML without escaping in href, title, and link attributes, enabling stored XSS. Red Hat advisory RHSA-2026:0134 notes this CVE is ...

CVE-2025-11966

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path...

CVE-2025-11966

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path...

PT-2025-43147

Name of the Vulnerable Software and Affected Versions Eclipse Vert.x versions 4.0.0 through 4.5.21 Eclipse Vert.x versions 5.0.0 through 5.0.4 Description When directory listing is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and...