20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer's account was compromised in a phishing attack. The attack targeted Josh Junon aka Qix, who received an email message that mimicked npm "[email protected]", urging them to update their update...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present...

Embedded Malicious Code

Overview debug is a small debugging utility. Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present...

Embedded Malicious Code

Overview supports-hyperlinks is a Detect whether a terminal supports hyperlinks Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The inject...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present...

Embedded Malicious Code

Overview color-string is a Parser and generator for CSS color strings Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicio...

PT-2025-36436

Name of the Vulnerable Software and Affected Versions: RICOH Streamline NX versions 3.5.1 through 24R3 Description: RICOH Streamline NX is susceptible to operation history tampering. An attacker capable of performing a man-in-the-middle attack may manipulate HTTP requests, potentially altering th...

CVE-2025-32330

In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is not...

CVE-2025-32330

In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is not...

ASB-A-389127608

In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is not...

CVE-2025-58126

Improper Certificate Validation in Checkmk Exchange plugin VMware vSAN allows attackers in MitM position to intercept traffic...

CVE-2025-58123

Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in MitM position to intercept traffic...

Linux Distros Unpatched Vulnerability : CVE-2020-7692

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an...

CVE-2025-58126

Improper Certificate Validation in Checkmk Exchange plugin VMware vSAN allows attackers in MitM position to intercept traffic...

CVE-2025-58127

CVE-2025-58127 concerns an improper certificate validation flaw in the Checkmk Exchange plugin for Dell PowerScale. The underlying issue is TLS/SSL certificate validation failure, which can allow an attacker in a network position to perform a Man-in-the-Middle (MitM) attack and intercept traffic....

CVE-2025-58126

CVE-2025-58126 affects the Checkmk Exchange plugin for VMware vSAN. The root cause is improper certificate validation (TLS/SSL) in the plugin, which permits a man-in-the-middle attacker to intercept traffic. Documented impact is exposure of communications in MitM scenarios; exploitation details a...

CVE-2025-58125

CVE-2025-58125 affects the Checkmk Exchange plugin Freebox v6 agent. The root cause is improper certificate validation, enabling attackers in a network MitM position to intercept traffic. Publicly provided documents consistently describe this flaw, with NVD and vendor/third-party feeds listing th...

CVE-2025-58124 Lack of TLS validation in plugin check-mk-api on Checkmk Exchange

Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic...

CVE-2025-58123

CVE-2025-58123 affects the Checkmk Exchange plugin BGP Monitoring. The root cause is improper certificate validation, enabling MitM attackers to intercept traffic when positioned on the network. Documented sources confirm the vulnerability description but do not provide explicit affected versions...