GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing...

EUVD-2020-9113

Malware in sbrugna...

EUVD-2014-2910

Malware in sbrugna...

EUVD-2021-13855

Malware in sbrugna...

EUVD-2025-31639

Malicious code in bioql PyPI...

CVE-2025-34212

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 VA/SaaS deployments possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain HTTP without signature...

CVE-2025-34212

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 VA/SaaS deployments possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain HTTP without signature...

CVE-2025-34212 Vasion Print (formerly PrinterLogic) Insecure Build Pipeline

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 VA/SaaS deployments possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain HTTP without signature...

CVE-2025-34212

CVE-2025-34212 involves Vasion Print (Virtual Appliance Host and App) with CI/CD weaknesses in VA/SaaS deployments prior to versions 22.0.843 and 20.0.1923. The build process pulls an unverified third‑party image, downloads the VirtualBox Extension Pack over HTTP without signature validation, and...

PT-2025-39881

Name of the Vulnerable Software and Affected Versions Vasion Print versions prior to 22.0.843 Vasion Print Application versions prior to 20.0.1923 Description The Vasion Print Virtual Appliance Host and Application have weaknesses in their CI/CD processes. The build process retrieves an unverifie...

Linux Distros Unpatched Vulnerability : CVE-2014-2886

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GKSu 2.0.2, when sudo-mode is not enabled, uses double quote characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in...

Malicious code in studocu-extension-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b65c603a493cae2050aa25da30a9442d60b84baa80985df69af20af3e08fc9f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Security update for virtualbox (important)

openSUSE Security Update: Security update for virtualbox Announcement ID: openSUSE-SU-2021:1114-1 Rating: important References: 1188045 1188105 1188535 1188536 1188537 1188538 Cross-References: CVE-2021-2409 CVE-2021-2442 CVE-2021-2443 CVE-2021-2454 CVSS scores: CVE-2021-2409 NVD : 8.2...

openSUSE: Security Advisory for virtualbox (openSUSE-SU-2021:1092-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for virtualbox (important)

openSUSE Security Update: Security update for virtualbox Announcement ID: openSUSE-SU-2021:1092-1 Rating: important References: 1188045 1188105 1188535 1188536 1188537 1188538 Cross-References: CVE-2021-2409 CVE-2021-2442 CVE-2021-2443 CVE-2021-2454 CVSS scores: CVE-2021-2409 NVD : 8.2...

PT-2021-2731 · Microsoft · Visual Studio Code

Name of the Vulnerable Software and Affected Versions: Visual Studio Code Remote Development Extension Pack affected versions not specified Description: The issue is related to incorrect code generation management in the Remote Development Extension Pack for Microsoft Visual Studio Code...

Security Update for Microsoft Visual Studio Code Java Extension Pack Extension (March 2021)

Microsoft Visual Studio Code Java Extension Pack could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim. Not...

CVE-2021-27084

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability...

Remote code execution

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability...

CVE-2021-27084

CVE-2021-27084 affects Visual Studio Code Java Extension Pack. The data in connected docs confirms a Remote Code Execution vulnerability tied to this extension pack, with remediation by Microsoft updates. The CVSS/metrics indicate HIGH impact with local attack vector and user interaction required...