4175 matches found
MAL-2025-44250 Malicious code in fetch-request-hyperion-kardashevscale (npm)
The package fetch-request-hyperion-kardashevscale was found to contain malicious code...
MAL-2025-45598 Malicious code in procyon-cz-conventional-changelog-lynx-fetch (npm)
The package procyon-cz-conventional-changelog-lynx-fetch was found to contain malicious code...
Sensitive Information Disclosure
@backstage/plugin-scaffolder-backend is vulnerable to Sensitive Information Disclosure. The vulnerability is due to duplicate logging of input values in the fetch:template action, which could expose sensitive data if $ secrets.x is used as an argument...
When a ServiceWorker intercepted a request with `FetchEvent`, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
...
net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue
...
Rust-openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`
...
HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX
...
Linux Distros Unpatched Vulnerability : CVE-2020-15168
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the...
MAL-2025-42035 Malicious code in node-fetch-v3 (npm)
The package node-fetch-v3 was found to contain malicious code...
Malicious code in node-fetch-v3 (npm)
The package node-fetch-v3 was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2024-24750
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body or consuming it very...
Linux Distros Unpatched Vulnerability : CVE-2025-5064
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted...
GHSA-7CQ8-MJ8X-J263 Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions
Summary: Using idlelib.autocomplete.AutoComplete.fetch_completions, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling to...
MAL-2025-41856 Malicious code in @espace-client-axafr/fetch-helper (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in @espace-client-axafr/fetch-helper (npm)
The package communicates with a domain associated with malicious activity...
Linux Distros Unpatched Vulnerability : CVE-2017-6819
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server...
Linux Distros Unpatched Vulnerability : CVE-2016-7964
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to...
Linux Distros Unpatched Vulnerability : CVE-2018-1000161
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can resul...
CVE-2025-9299
A vulnerability has been found in Tenda M3 1.0.0.12. Affected by this vulnerability is the function formGetMasterPassengerAnalyseData of the file /goform/getMasterPassengerAnalyseData. The manipulation of the argument Time leads to stack-based buffer overflow. The attack may be initiated remotely...
CVE-2025-49391
Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets (sign-up-sheets) allows Cross Site Request Forgery. This issue affects Sign-up Sheets: from n/a through = 2.3.3...