4175 matches found

EUVD
added 2025/11/12 4:29 a.m. | 3 views

EUVD-2025-111981

Malicious code in kastra-scorpius-mocha-fetch npm...

6.6 AI score
Exploits: 0

EUVD
added 2025/11/12 4:29 a.m. | 2 views

EUVD-2025-112209

Malicious code in jekyll-fetch-lyra-lint npm...

6.6 AI score
Exploits: 0

OSV
added 2025/11/12 4:29 a.m. | 0 views

MAL-2025-140484 Malicious code in castor-fetch-webdriver-manager-mini-css-extract-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51232fa12f2d0aa1acb5f8f227042e036d7eab4c9faf1918109f2c1b887da57f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/11/12 4:29 a.m. | 4 views

Malicious code in fetch-husky-europa-redis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42ec5ebb87d9beb9b2b0237447f6fb1b337d45c7d61ac2ef391f2e1546be1a27 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0

OSV
added 2025/11/12 4:29 a.m. | 1 view

MAL-2025-142460 Malicious code in fetch-virgo-nashira-adonis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5313f53f3f660bb8e9d871ae08b0f9251fc9200b75390bae8273643364e9b20c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0

EUVD
added 2025/11/11 6:30 p.m. | 2 views

EUVD-2025-93542

Double fetch in sandbox kernel driver in Avast/AVG Antivirus 25.3 on Windows allows local attacker to escalate privileges via pool overflow...

9.9 CVSS | 6.4 AI score | 0.00031 EPSS
Exploits: 0 | References: 2

NVD
added 2025/11/11 5:15 p.m. | 2 views

CVE-2025-13032

Double fetch in sandbox kernel driver in Avast/AVG Antivirus 25.3 on Windows allows local attacker to escalate privileges via pool overflow...

9.9 CVSS | 0.00031 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/11/11 4:16 p.m. | 5 views

CVE-2025-13032

Double fetch in sandbox kernel driver in Avast/AVG Antivirus 25.3 on Windows allows local attacker to escalate privileges via pool overflow...

9.9 CVSS | 0.00031 EPSS
Exploits: 0 | References: 1

CVE
added 2025/11/11 4:16 p.m. | 5 views

CVE-2025-13032

CVE-2025-13032 affects Avast/AVG Antivirus on Windows prior to version 25.3. A double-fetch race condition in the sandbox kernel driver can allow a local attacker to escalate privileges via a pool overflow. Public sources in connected documents corroborate a kernel-driver vulnerability leading to...

9.9 CVSS | 6.6 AI score | 0.00031 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/11/11 4:16 p.m. | 2 views

CVE-2025-13032

Double fetch in sandbox kernel driver in Avast/AVG Antivirus 25.3 on Windows allows local attacker to escalate privileges via pool overflow...

9.9 CVSS | 6.6 AI score | 0.00031 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/11 12:0 a.m. | 3 views

PT-2025-46368

Name of the Vulnerable Software and Affected Versions: Avast/AVG Antivirus versions prior to 25.3. Description: A double fetch race condition exists in the Avast/AVG kernel sandbox driver on Windows. This condition allows a local attacker to escalate privileges through a pool overflow. The issue...

9.9 CVSS | 6.5 AI score | 0.00031 EPSS
Exploits: 0 | References: 8

EUVD
added 2025/11/06 3:53 p.m. | 2 views

EUVD-2025-38012

Deserialization of Untrusted Data vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Object Injection. This issue affects Sign-up Sheets: from n/a through = 2.3.2...

6.5 AI score | 0.00101 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/06 12:0 a.m. | 3 views

PT-2025-45209

Deserialization of Untrusted Data vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Object Injection. This issue affects Sign-up Sheets: from n/a through = 2.3.2...

7 AI score | 0.00101 EPSS
Exploits: 0 | References: 2

CVE
added 2025/11/04 9:57 p.m. | 7 views

CVE-2025-62719

LinkAce CVE-2025-62719 affects the htmlKeywordsFromUrl function in FetchController (versions ≤ 2.3.0). It allows SSRF by fetching user-provided URLs without validating that the destination is external, enabling authenticated attackers to perform port scanning and service discovery on internal net...

4.3 CVSS | 6.2 AI score | 0.00031 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2025/11/04 9:57 p.m. | 9 views

CVE-2025-62719 LinkAce: Limited Server-Side Request Forgery (SSRF) in Keyword Fetching Functionality

LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests to them without validating that the destination is not an internal or private network resource...

2.3 CVSS | 0.00031 EPSS
Exploits: 1 | References: 3

EUVD
added 2025/10/29 4:46 p.m. | 2 views

EUVD-2025-36676

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_fetch_attributes_state implementation does not check whether time_string is NULL or not before calling strlen on it. A compromised agent can cause a crash of analysisd by sending a...

6.9 CVSS | 6.2 AI score | 0.001 EPSS
Exploits: 1 | References: 1

OSV
added 2025/10/29 4:46 p.m. | 1 view

CVE-2025-62790 Wazuh vulnerable to NULL pointer dereference in fim_fetch_attributes_state

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_fetch_attributes_state implementation does not check whether time_string is NULL or not before calling strlen on it. A compromised agent can cause a crash of analysisd by sending a...

6.9 CVSS | 6.8 AI score | 0.001 EPSS
Exploits: 1 | References: 3

Cvelist
added 2025/10/29 4:46 p.m. | 5 views

CVE-2025-62790 Wazuh vulnerable to NULL pointer dereference in fim_fetch_attributes_state

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_fetch_attributes_state implementation does not check whether time_string is NULL or not before calling strlen on it. A compromised agent can cause a crash of analysisd by sending a...

6.9 CVSS | 0.001 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2025/10/29 4:46 p.m. | 1 view

CVE-2025-62790 Wazuh vulnerable to NULL pointer dereference in fim_fetch_attributes_state

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_fetch_attributes_state implementation does not check whether time_string is NULL or not before calling strlen on it. A compromised agent can cause a crash of analysisd by sending a...

6.9 CVSS | 6.4 AI score | 0.001 EPSS
Exploits: 1 | References: 1

CVE
added 2025/10/29 4:46 p.m. | 12 views

CVE-2025-62790

Wazuh before version 4.11.0 is vulnerable to a NULL pointer/NULL string dereference in fim_fetch_attributes_state(), where time_string is not checked for NULL before calling strlen(). A crafted agent message to the Wazuh manager can crash analysisd, causing denial of service and unavailability of...

7.5 CVSS | 6.4 AI score | 0.001 EPSS
Exploits: 1 | References: 1 | Affected Software: 1