Onion Site Template Trust Management Issue Vulnerability
Onion Site Template is a self-hosted example from Vessel9817 Individual Developer. Onion Site Template suffers from a trust management issue vulnerability that stems from the inclusion of a fixed Tor mirror, which could lead to a compromised website...
br.net.woodstock.rockframework:rockframework-struts (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=3.0.1) +25 more potentially affected by CVE-2025-54656 via org.apache.struts:struts-extras (>=1.3.10 <=1.3.8)
org.apache.struts:struts-extras MAVEN version =1.3.10, =2.0.0, =1.2.1, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =2.1.1, =3.0-beta-1, =3.0.0 and more Source cves: CVE-2025-54656 Source advisory: SNYK:JAVA-ORGAPACHESTRUTS-11502096...
CVE-2025-43240
A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. A download's origin may be incorrectly associated...
Malicious code in ethical-ping-example (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-6720 Malicious code in ethical-ping-example (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
JavaDeserH2HC
This repository contains sample code for the Hackers to Hackers Conference (H2HC) magazine 2017. The code is designed to demonstrate various exploitation techniques, specifically focusing on Java deserialization vulnerabilities. The primary vulnerability class/vector targeted is Java...
TelegAI Cross Site Scripting
TelegAI, a web application for constructing and chatting with AI Characters, is vulnerable to persistent cross-site scripting in its chat component and character container component. An attacker can achieve arbitrary client-side script execution by crafting an AI Character with SV...
Malicious code in pxsceneui-example-03 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7a2056080eb99ee23c3a6b2689ac55d696a6b788fb2030a60415a006ee3ab16 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5950 Malicious code in pxsceneui-example-03 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7a2056080eb99ee23c3a6b2689ac55d696a6b788fb2030a60415a006ee3ab16 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
HASSLE: a Self-Supervised Learning Enhanced Hijacking Attack on Vertical Federated Learning
Vertical Federated Learning (VFL) enables an orchestrating active party to perform a machine learning task by cooperating with passive parties that provide additional task-related features for the same training data entities. While prior research has leveraged the privacy vulnerability of VFL to...
MAL-2025-5720 Malicious code in protobufjs-protify-example (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a1fc26bdc2549188a81eca766317ffb5fdf7c0f904db9df458c43a670a86951 Any computer that has this package installed or running should be considered...
Malicious code in protobufjs-protify-example (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a1fc26bdc2549188a81eca766317ffb5fdf7c0f904db9df458c43a670a86951 Any computer that has this package installed or running should be considered...
Malicious code in protobufjs-websocket-example (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a5372e68ba0b48947bc24234bd3009eaf3350edf61ca65bd42229c19a046fe8 Any computer that has this package installed or running should be considered...
MAL-2025-5721 Malicious code in protobufjs-websocket-example (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a5372e68ba0b48947bc24234bd3009eaf3350edf61ca65bd42229c19a046fe8 Any computer that has this package installed or running should be considered...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
CVE-2025-32463: Local Privilege Escalation Exploit for Sudo...
@kakashi-ventures-accelerator/catalyst-cli (=0.1.0), @mew-protocol/mew (>=0.5.0 <=0.11.0) +1 more potentially affected by CVE-2025-53110 via @modelcontextprotocol/server-filesystem (=0.6.2)
@modelcontextprotocol/server-filesystem NPM version =0.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on @modelcontextprotocol/server-filesystem and may be impacted: - @kakashi-ventures-accelerator/catalyst-cli =0.1.0 - @mew-protocol/mew =0.5.0,...
@kakashi-ventures-accelerator/catalyst-cli (=0.1.0), @mew-protocol/mew (>=0.5.0 <=0.11.0) +1 more potentially affected by CVE-2025-53109 via @modelcontextprotocol/server-filesystem (=0.6.2)
@modelcontextprotocol/server-filesystem NPM version =0.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on @modelcontextprotocol/server-filesystem and may be impacted: - @kakashi-ventures-accelerator/catalyst-cli =0.1.0 - @mew-protocol/mew =0.5.0,...
MAL-2025-5407 Malicious code in example-target-package (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c527df8a6a7f920a0fd9146bf4a738da075f6430ad4a523d1c345fe4deb26b7 Any computer that has this package installed or running should be considered...
MAL-2025-5286 Malicious code in rush-mcp-example-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4593979eeb7174aea0989af27a63ee606786e382185ca406a15e9d4368c687b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes
Summary: The RedirectSlashes function in middleware/strip.go is vulnerable to host header injection, which leads to an open redirect. We consider this a lower-severity open redirect, as it can't be exploited from browsers or email clients and requires manipulation of a Host header. Details: The...