Malicious code in twokey (npm)
Source: amazon-inspector 20c6d8e22fd03dd5ff39bac81bcbffd05db3b2a08dcf9768332094ffcca4eebd The package's postinstall hook unconditionally executes node bin/twokey.js --desktop --enable-autostart, which performs three install-time actions...
MAL-2026-4458 Malicious code in @toni77777/aora (npm)
Source: amazon-inspector 8566221a9ab9a1cb01b0f23e2af4b140d2e97310701b8c9a8f4bed1481fb22b2 On npm install, scripts/postinstall.js fetches a platform-specific executable from https://github.com/yourusername/aora/releases/download/v0.1.0/,...
Uncaught Exception
Overview: Affected versions of this package are vulnerable to Uncaught Exception via the eventstream decoder process. An attacker can cause the host process to terminate unexpectedly by sending a crafted EventStream response frame containing a header value type byte outside the valid range...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the port-change endpoint in the web port configuration process. An attacker can cause service disruption or loss of access by tricking an authenticated user into submitting a crafted request, which...
EUVD-2025-198945
Malicious code in @posthog/github-release-tracking-plugin npm...
Malicious code in @posthog/github-release-tracking-plugin (npm)
Source: amazon-inspector fb87af9bbf0349dfcf64e3a477f69780fd16d5d4d8e0269f263dc25214fd2f00 The package @posthog/github-release-tracking-plugin was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190880 Malicious code in @posthog/github-release-tracking-plugin (npm)
Source: amazon-inspector fb87af9bbf0349dfcf64e3a477f69780fd16d5d4d8e0269f263dc25214fd2f00 The package @posthog/github-release-tracking-plugin was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-32448
A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be...
CVE-2025-11280
A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered...
PT-2025-40793
A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could be...
PT-2025-39659
Name of the Vulnerable Software and Affected Versions: givanz Vvveb versions through 1.0.7.2. Description: A weakness exists in givanz Vvveb that could allow for cross-site request forgery. The vulnerability affects unknown code and can be exploited remotely. The exploit has been publicly released...
Security Bulletin: NVIDIA Apex - August 2025
NVIDIA has released a software update for NVIDIA Apex. To protect your system, install the software including the GitHub release 25.07 of NVIDIA Apex. Go to NVIDIA Product Security...
Security Bulletin: NVIDIA TensorRT LLM - April 2025
NVIDIA has released a software update for NVIDIA® TensorRT LLM Framework. To protect your system, download and install the latest release from the https://github.com/NVIDIA/TensorRT/releases page on GitHub. Go to NVIDIA Product Security...
Security Bulletin: NVIDIA NeMo - March 2025
NVIDIA has released a software update for NVIDIA® NeMo Framework. To protect your system, download and install the latest release from the NeMo-Framework-Launcher Releases page on GitHub. Go to NVIDIA Product Security...
MAL-2024-9809 Malicious code in rustc_codegen_cranelift-github-release (npm)
Malicious code in github_release-stats (RubyGems)
CVE-2024-23840 `goreleaser release --debug` shows secrets
GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. The `goreleaser release --debug` log shows secret values used in the custom publisher. This vulnerability is fixed in 1.24.0...
Fedora 38 : dotnet7.0 (2023-484d7950a9)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-484d7950a9 advisory. This is the November 2023 monthly update for .NET 7. It includes several security fixes. Release Notes:...
CUPS 2.2.0 < 2.4.6 Use After Free Vulnerability
CUPS is prone to a use after free vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openprinting:cups"; if...
Arbitrary File Read
Overview: Affected versions of this package are vulnerable to Arbitrary File Read via the ReadTextAsync method due to missing filtering. Remediation: A fix was pushed into the master branch but not yet published. References: GitHub Issue, GitHub Release. Credit: Chaitin Security Research Lab...