MAL-2025-41566 Malicious code in fluxible-router-example (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in flux-example-todo (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-41565 Malicious code in flux-example-todo (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in flux-example-routing (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-41564 Malicious code in flux-example-routing (npm)

--- -= Per source details. Do not edit below this line.=-...

Exploit for CVE-2017-0144

Metasploit Framework Cheatsheet Introduction Metasploit i...

CVE-2025-30064

Technical details about CVE-2025-30064 are not publicly provided in the supplied connected documents. Monitor for updates from official advisories; current sources do not reveal affected products, versions, or remediation steps.

CVE-2025-30064 Possibility to generate a session for any user via the "ex:action" parameter after obtaining access to the JWT key

An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to genera...

CVE-2025-30064 Possibility to generate a session for any user via the "ex:action" parameter after obtaining access to the JWT key

An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to genera...

PT-2025-34858 · Unknown · Verifyuserbythrustedservice

Name of the Vulnerable Software and Affected Versions: versions prior to 2.3 Description: An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. An attacker can use th...

MAL-2025-41382 Malicious code in example-fastify-api (npm)

The package communicates with a domain associated with malicious activity...

Malicious code in example-fastify-api (npm)

The package communicates with a domain associated with malicious activity...

Malicious code in heft-example-plugin-02 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6f52fccc098ff9fe7c2f46b5653ed058f4f080380c5de5ab9943c413c30f1ee8 The OpenSSF Package Analysis project identified 'heft-example-plugin-02' @ 99.0.9 npm as malicious. It is considered malicious because: - The...

MAL-2025-41292 Malicious code in heft-example-plugin-02 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6f52fccc098ff9fe7c2f46b5653ed058f4f080380c5de5ab9943c413c30f1ee8 The OpenSSF Package Analysis project identified 'heft-example-plugin-02' @ 99.0.9 npm as malicious. It is considered malicious because: - The...

Malicious code in heft-example-plugin-01 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 38de8533a1fa4ae454f1c4c690239b429820ddf54aa69925be16c418d54f6a2b The OpenSSF Package Analysis project identified 'heft-example-plugin-01' @ 99.0.9 npm as malicious. It is considered malicious because: - The...

MAL-2025-41291 Malicious code in heft-example-plugin-01 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 38de8533a1fa4ae454f1c4c690239b429820ddf54aa69925be16c418d54f6a2b The OpenSSF Package Analysis project identified 'heft-example-plugin-01' @ 99.0.9 npm as malicious. It is considered malicious because: - The...

Malicious code in heft-example-lifecycle-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis fce75dcff1360927b5ed18017c2b53424afe03e0c1f53f13505883d9fe23fd55 The OpenSSF Package Analysis project identified 'heft-example-lifecycle-plugin' @ 99.0.9 npm as malicious. It is considered malicious because: -...

MAL-2025-41290 Malicious code in heft-example-lifecycle-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis fce75dcff1360927b5ed18017c2b53424afe03e0c1f53f13505883d9fe23fd55 The OpenSSF Package Analysis project identified 'heft-example-lifecycle-plugin' @ 99.0.9 npm as malicious. It is considered malicious because: -...

AZL-66572 CVE-2025-38668 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix NULL dereference on unbind due to stale coupling data Failing to reset couplingdesc.ncoupled after freeing coupledrdevs can lead to NULL pointer dereference when regulators are accessed post-unbind. This can...

CVE-2025-38668

CVE-2025-38668: In the Linux kernel regulator core, a NULL pointer dereference can occur on unbind if coupling data is stale because coupling_desc.n_coupled is not reset after freeing coupled_rdevs. This can affect runtime PM and other regulator operations that rely on coupling metadata, potentia...