29708 matches found
CVE-2025-59288
Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over an adjacent network. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising eas...
pycodium (>=0.1.0 <=0.2.1), reflex-ai (>=0.1.0a1 <=0.1.0a18) +10 more potentially affected by CVE-2025-62379 via reflex (>=0.6.0a4 <=0.8.0a7)
reflex PYPI version =0.6.0a4, =0.1.0, =0.1.0a1, =0.2.0, =0.0.1, =0.1.6, =1.0.0, =0.0.9, =10.0.11, =10.0.28 Source cves: CVE-2025-62379 Source advisory: OSV:GHSA-RFH5-C9H5-Q8JM...
CVE-2025-62381

creationtimestamp | type | source
---|---|---
2025-10-15 17:03:21+00:00 | published-proof-of-concept | https://github.com/ciscoheat/sveltekit-superforms/security/advisories/GHSA-hwmc-4c8j-xxj7...

CVE-2025-62379
Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14, the /auth-codespace endpoint automatically assigns the redirect_to query parameter value directly to client-side links without any validation and triggers automatic clicks when the page loads in a...
GHSA-5RRX-JJJQ-Q2R5

creationtimestamp | type | source
---|---|---
2025-10-15 11:35:09+00:00 | seen | https://bsky.app/profile/appsecfeed.bsky.social/post/3m3a5mcs3go2d
2025-10-24 11:40:04+00:00 | seen | https://gist.github.com/dhmosfunk/0b74940802f1c0e6b4e39101b301072c...

CVE-2025-10754

creationtimestamp | type | source
---|---|---
2025-10-15 11:32:27+00:00 | seen | https://gist.github.com/Darkcrai86/69ab8d1a570cdb2b09d3ca1400494869...

CVE-2025-11722

creationtimestamp | type | source
---|---|---
2025-10-15 11:31:09+00:00 | seen | https://gist.github.com/Darkcrai86/bc6157705c0d97bdf36661c948e61b7a...

CVE-2025-11756

creationtimestamp | type | source
---|---|---
2025-10-15 06:34:06+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3m37mryz2e72b
2025-10-15 06:52:44+00:00 | seen | https://gist.github.com/Darkcrai86/7821ec429c64ac89b1840d7e4882c31e
2025-10-15 21:04:29+00:00 | seen |...

GHSA-7P8X-8M3M-58J9

creationtimestamp | type | source
---|---|---
2025-10-14 19:50:06+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115374254067224192...

EUVD-2025-34363
Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over an adjacent network...
CVE-2025-59288
Improper verification of cryptographic signature in GitHub: Playwright allows an unauthorized attacker to perform spoofing over an adjacent network...
Playwright Spoofing Vulnerability
Improper verification of cryptographic signature in GitHub: Playwright allows an unauthorized attacker to perform spoofing over an adjacent network...
CVE-2025-47856

creationtimestamp | type | source
---|---|---
2025-10-14 13:52:58+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115372849741955983
2025-10-14 14:35:28+00:00 | seen | https://gist.github.com/Darkcrai86/e8d027ff7b949f86db4477c5aa8e1c7e...

What AI Reveals About Web Applications—and Why It Matters
Before an attacker ever sends a payload, they've already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your GitHub repos. These are all clues that help them understand how your syste...
Astaroth Trojan Uses GitHub Images to Stay Active After Takedowns
Astaroth banking trojan has evolved to use GitHub and steganography for resilient C2, hiding its vital commands in images. Learn how this sophisticated malware employs fileless techniques to steal banking and crypto credentials from users across Latin America...
Spring Session Hazelcast: Now Led by Hazelcast Team
It gives me great pleasure to announce that the Spring Session Hazelcast project will now be led by the Hazelcast Team. NOTE: This announcement is in alignment with our announcement Spring Session MongoDB: Now Led by MongoDB Team. For ten years Spring Session has provided the infrastructure for...
PT-2025-42148
Name of the Vulnerable Software and Affected Versions: GitHub (affected versions not specified). Description: An improper verification of a cryptographic signature allows an unauthorized attacker to perform spoofing over an adjacent network. Recommendations: At the moment, there is no information about...
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns
Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns. "Instead of relying solely on traditional command-and-control (C2) servers that...
CVE-2021-30118

creationtimestamp | type | source
---|---|---
2025-10-11 05:03:59+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-30118.yaml
2025-10-12 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2025-10-12
2025-10-12...

EUVD-2025-33544
Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret...