Malicious code in protobufjs-protify-example (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a1fc26bdc2549188a81eca766317ffb5fdf7c0f904db9df458c43a670a86951 Any computer that has this package installed or running should be considered...
MAL-2025-5720 Malicious code in protobufjs-protify-example (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a1fc26bdc2549188a81eca766317ffb5fdf7c0f904db9df458c43a670a86951 Any computer that has this package installed or running should be considered...
Malicious code in protobufjs-websocket-example (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a5372e68ba0b48947bc24234bd3009eaf3350edf61ca65bd42229c19a046fe8 Any computer that has this package installed or running should be considered...
MAL-2025-5721 Malicious code in protobufjs-websocket-example (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a5372e68ba0b48947bc24234bd3009eaf3350edf61ca65bd42229c19a046fe8 Any computer that has this package installed or running should be considered...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
CVE-2025-32463: Local Privilege Escalation Exploit for Sudo !...
@kakashi-ventures-accelerator/catalyst-cli (=0.1.0), @mew-protocol/mew (>=0.5.0 <=0.11.0) +1 more potentially affected by CVE-2025-53110 via @modelcontextprotocol/server-filesystem (=0.6.2)
@modelcontextprotocol/server-filesystem NPM version =0.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on @modelcontextprotocol/server-filesystem and may be impacted: - @kakashi-ventures-accelerator/catalyst-cli =0.1.0 - @mew-protocol/mew =0.5.0,...
@kakashi-ventures-accelerator/catalyst-cli (=0.1.0), @mew-protocol/mew (>=0.5.0 <=0.11.0) +1 more potentially affected by CVE-2025-53109 via @modelcontextprotocol/server-filesystem (=0.6.2)
@modelcontextprotocol/server-filesystem NPM version =0.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on @modelcontextprotocol/server-filesystem and may be impacted: - @kakashi-ventures-accelerator/catalyst-cli =0.1.0 - @mew-protocol/mew =0.5.0,...
MAL-2025-5407 Malicious code in example-target-package (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c527df8a6a7f920a0fd9146bf4a738da075f6430ad4a523d1c345fe4deb26b7 Any computer that has this package installed or running should be considered...
MAL-2025-5286 Malicious code in rush-mcp-example-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4593979eeb7174aea0989af27a63ee606786e382185ca406a15e9d4368c687b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes
Summary The RedirectSlashes function in middleware/strip.go is vulnerable to host header injection which leads to open redirect. We consider this a lower-severity open redirect, as it can't be exploited from browsers or email clients and requires manipulation of a Host header. Details The...
Malicious code in example-malicious (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 35d3703ef56e66529b1b9ba0ccc6cf4e863591347a634a085a46636f082d79c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pxsceneui-example-02 (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-5049 Malicious code in pxsceneui-example-02 (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
CVE-2025-47869 Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size.
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in the Apache NuttX RTOS apps/examples/xmlrpc application. In this example application, the device stats structure that stored remotely provided parameters had a hardcoded buffer size, which could lead to...
Exploit for Improper Access Control in Microsoft
CVE-2025-33073 PoC Exploit for the NTLM reflection SMB flaw...
Chain-Of-Code Collapse: Reasoning Failures in LLMs Via Adversarial Prompting in Code Generation
Large Language Models (LLMs) have achieved remarkable success in tasks requiring complex reasoning, such as code generation, mathematical problem solving, and algorithmic synthesis -- especially when aided by reasoning tokens and Chain-of-Thought prompting. Yet, a core question remains: do these...
thunderbird: Sender Spoofing via Malformed From Header in Thunderbird
The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name [email protected]...
Malicious code in frontegg-nuxt-example (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1dfeb24eb6c59e883dded7166ce9ff73fb43ab8352fcc2a154f86c7bf96be5e8 Any computer that has this package installed or running should be considered...
MAL-2025-4725 Malicious code in frontegg-nuxt-example (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1dfeb24eb6c59e883dded7166ce9ff73fb43ab8352fcc2a154f86c7bf96be5e8 Any computer that has this package installed or running should be considered...
A Symmetric LWE-Based Multi-Recipient Cryptosystem
This article describes a post-quantum multirecipient symmetric cryptosystem whose security is based on the hardness of the LWE problem. In this scheme a single sender encrypts multiple messages for multiple recipients generating a single ciphertext which is broadcast to the recipients. Each...