1714 matches found
EUVD-2021-9997
Malicious code in bioql PyPI...
EUVD-2023-1761
Malicious code in bioql PyPI...
aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +113 more potentially affected by CVE-2025-59682 via django (>=4.2.0 <=4.2.24)
django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2025-59682 Source advisory: OSV:GHSA-Q95W-C7QG-HRFF...
American Fuzzy Lop plus plus 4.34c
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...
PT-2025-42266
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A flaw exists in the Linux kernel related to memory management and swap operations. Specifically, a race condition between fork and swapoff can lead to a kernel NULL pointer dereference...
CVE-2025-10777
CVE-2025-10777 affects the JSC R7 R7-Office Document Server (versions up to 20250820). A flaw in an unknown function of the file /downloadas/ allows remote exploitation by manipulating the cmd argument to trigger a path traversal. The vendor confirms this vulnerability and specifies a fix in rele...
CVE-2025-58432
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v21/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT...
CVE-2025-58431
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v21/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed AS ROOT...
Prototype Pollution
Overview: expr-eval-fork is a mathematical expression evaluator fork with a prototype pollution fix. Affected versions of this package are vulnerable to Prototype Pollution via the evaluation process, which accesses global values by searching for item.value in expr.functions. An attacker can access...
CVE-2025-59416
CVE-2025-59416 affects The Scratch Channel web application. The vulnerability arises from the API’s POST handling, which can be abused by a user with fork privileges to alter administrators and publish articles without proper permission checks. This could allow arbitrary article creation and admi...
CVE-2025-58432
ZimaOS (a CasaOS fork for Zima devices and x86-64 with UEFI) contains a local privilege-escalation flaw in the /v2_1/files/file/uploadV2 API. In versions before and including 1.4.1, any user with localhost access can upload files via this endpoint and have them executed with root privileges, enab...
CVE-2025-58432 ZimaOS Privilege Escalation using localhost calls to File API Upload
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v21/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT...
PT-2025-38255
Name of the Vulnerable Software and Affected Versions: The Scratch Channel versions prior to 1.2 Description: The Scratch Channel is a news website where a user with fork privileges can modify administrators and create articles via a POST request to the API. Recommendations: Update to version 1.2...
Linux Distros Unpatched Vulnerability : CVE-2023-4638
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Ubuntu Linux - Unknown description CVE-2023-4638. Note that Nessus relies on the presence of the package as reported by the vendor...
Malicious code in mutation-fork-cressida-carpo (npm)
The package mutation-fork-cressida-carpo was found to contain malicious code...
MAL-2025-45252 Malicious code in mutation-fork-cressida-carpo (npm)
The package mutation-fork-cressida-carpo was found to contain malicious code...
Malicious code in request-fork-markdown-pdf-elektra (npm)
The package request-fork-markdown-pdf-elektra was found to contain malicious code...
MAL-2025-45813 Malicious code in request-fork-markdown-pdf-elektra (npm)
The package request-fork-markdown-pdf-elektra was found to contain malicious code...
Malicious code in fork-superflare-multiverse-spectron (npm)
The package fork-superflare-multiverse-spectron was found to contain malicious code...
MAL-2025-44287 Malicious code in fork-superflare-multiverse-spectron (npm)
The package fork-superflare-multiverse-spectron was found to contain malicious code...