📄 FuguHub 8.1 RSA Private Key Disclosure

A web-accessible documentation file in FuguHub version 8.1 was found to contain an embedded RSA private key paired with an X.509 certificate. The affected file resides within an examples directory and is intended solely for demonstration purposes...

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +10915 more potentially affected by CVE-2025-14927 via transformers (>=2.10.0 <=5.8.0)

transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =3.4.6 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14927 Source advisory: SNYK:PYTHON-TRANSFORMERS-14564366...

CVE-2025-15005

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument KRECAPTCHASITEKEY/KRECAPTCHASECRETKEY results in use of hard-coded cryptographic key . It is possibl...

CVE-2025-15005

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument KRECAPTCHASITEKEY/KRECAPTCHASECRETKEY results in use of hard-coded cryptographic key . It is possibl...

CVE-2025-15005

CVE-2025-15005 affects CouchCMS up to 2.4. The vulnerability is in the reCAPTCHA Handler, specifically the couch/config.example.php file; manipulating K_RECAPTCHA_SITE_KEY/K_RECAPTCHA_SECRET_KEY can lead to use of a hard-coded cryptographic key. It is remotely exploitable, with high complexity, a...

CVE-2025-15005 CouchCMS reCAPTCHA config.example.php hard-coded key

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument KRECAPTCHASITEKEY/KRECAPTCHASECRETKEY results in use of hard-coded cryptographic key . It is possibl...

EUVD-2025-204679

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument KRECAPTCHASITEKEY/KRECAPTCHASECRETKEY results in use of hard-coded cryptographic key . It is possibl...

EUVD-2025-203512

Malicious code in example-vue2-micro npm...

MAL-2025-192590 Malicious code in example-vue2-micro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cda06e9583d6e3b61afb6f1134f4d867559022d5844de0fbb5781312b8d5abc The package example-vue2-micro was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview example-vue2-micro is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in example-vue2-micro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cda06e9583d6e3b61afb6f1134f4d867559022d5844de0fbb5781312b8d5abc The package example-vue2-micro was found to contain malicious code. Source: ghsa-malware...

CVE-2025-59788

Cross-site scripting XSS vulnerability in a reachable filespdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in...

Command Injection in example_xcom.py via XCom race condition

This report is not public...

PT-2025-49115

Name of the Vulnerable Software and Affected Versions Nextcloud versions prior to 22.2.10.33 Nextcloud versions prior to 23.0.12.29 Nextcloud versions prior to 24.0.12.28 Nextcloud versions prior to 25.0.13.23 Nextcloud versions prior to 26.0.13.20 Nextcloud versions prior to 27.1.11.20 Nextcloud...

CVE-2025-59788

Cross-site scripting XSS vulnerability in a reachable filespdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that stems from the presence of cross-site scripting in the filespdfviewer example directory, which could lead...

EUVD-2025-201106

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN .example.com...

📄 MobileDetect 2.8.31 Cross Site Scripting

MobileDetect version 2.8.31 suffers from a cross site scripting vulnerability. Exploit Title: MobileDetect 2.8.31 - Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/serbanghita/Mobile-Detect/ Software Link:...

Malicious code in transparent-example-request99 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6678163799dc68caa6452a201456bd093435349d000df2dd5895fbf7b0067b5 The package transparent-example-request99 was found to contain malicious code. Source: ossf-package-analysis...

EUVD-2025-197875

Malicious code in transparent-example-request99 npm...