
36 matches found

vulnersOsv
added 2026/04/22 7:55 p.m. | views: 5

@marko/translator-interop-class-tags (>=0.1.1 <=0.2.24), @marko/translator-tags (>=0.1.1 <=0.4.8) potentially affected by CVE-2026-41591 via @marko/runtime-tags (>=0.1.25 <=0.3.86)

@marko/runtime-tags NPM version =0.1.25, =0.1.1, =0.1.1, =0.4.8 Source cves: CVE-2026-41591 Source advisory: OSV:GHSA-X9FJ-57FH-C8WQ...

CVSS 6.4 | AI score 5.8 | EPSS 0.00011
Exploits: 0

Github Security Blog
added 2026/02/19 8:25 p.m. | views: 4

PyO3 has type confusion when accessing data from subclasses of subclasses of native types with `abi3` feature

PyO3 0.28.1 added support for `#[pyclass(extends=PyList)] struct NativeSub` and other native types when targeting Python 3.12 and up with the `abi3` feature. It was discovered that subclasses of such classes would use the type of the subclass when attempting to access data of `NativeSub` contained within...

AI score 5.4
Exploits: 0 | References: 5 | Affected Software: 1

EUVD
added 2025/11/24 11:40 p.m. | views: 1

EUVD-2025-199322

Malicious code in @everreal/validate-esmoduleinterop-imports npm...

AI score 6.6
Exploits: 0 | References: 4

Cvelist
added 2025/11/13 1:40 a.m. | views: 3

CVE-2025-64710 Bitplatform Boilerplate has cross-site scripting vulnerability

Bitplatform Boilerplate is a Visual Studio and .NET project template. Versions prior to 9.11.3 are affected by a cross-site scripting (XSS) vulnerability in the WebInteropApp/WebAppInterop, potentially allowing attackers to inject malicious scripts that compromise the security and integrity of web...

CVSS 5.3 | EPSS 0.00055
Exploits: 0 | References: 2

OSV
added 2025/11/13 1:40 a.m. | views: 3

CVE-2025-64710 Bitplatform Boilerplate has cross-site scripting vulnerability

Bitplatform Boilerplate is a Visual Studio and .NET project template. Versions prior to 9.11.3 are affected by a cross-site scripting (XSS) vulnerability in the WebInteropApp/WebAppInterop, potentially allowing attackers to inject malicious scripts that compromise the security and integrity of web...

CVSS 5.3 | AI score 5.7 | EPSS 0.00055
Exploits: 0 | References: 4

EUVD
added 2025/11/13 1:40 a.m. | views: 0

EUVD-2025-150357

Bitplatform Boilerplate is a Visual Studio and .NET project template. Versions prior to 9.11.3 are affected by a cross-site scripting (XSS) vulnerability in the WebInteropApp/WebAppInterop, potentially allowing attackers to inject malicious scripts that compromise the security and integrity of web...

CVSS 5.3 | AI score 5.3 | EPSS 0.00055
Exploits: 0 | References: 1

CVE
added 2025/11/13 1:40 a.m. | views: 5

CVE-2025-64710

Summary: CVE-2025-64710 affects Bitplatform Boilerplate (Visual Studio/.NET template). The vulnerability resides in the WebInteropApp/WebAppInterop components and impacts versions prior to 9.11.3, enabling cross-site scripting (XSS). The issue allows injection of malicious scripts that compromise...

CVSS 5.3 | AI score 5.4 | EPSS 0.00055
Exploits: 0 | References: 2

CNNVD
added 2025/11/13 12:0 a.m. | views: 1

bit platform cross-site scripting vulnerability

bit platform is an open source application builder from the Bit Foundation. A cross-site scripting vulnerability exists in bit platform versions prior to 9.11.3, which stems from the presence of cross-site scripting in WebInteropApp/WebAppInterop, which could lead to the injection of malicious...

CVSS 5.3 | AI score 6.2 | EPSS 0.00055
Exploits: 0 | References: 2

OSV
added 2025/11/10 12:0 p.m. | views: 2

RUSTSEC-2025-0116 tandem_garble_interop is unmaintained

The tandem crates in https://github.com/sine-fdn are no longer maintained by the SINE Foundation. The repository has been archived. Recommended alternative: We are continuing our work on SMPC by implementing our secure multi-party computation engine Polytune...

AI score 6.9
Exploits: 0 | References: 3

RustSec
added 2025/11/10 12:0 p.m. | views: 3

tandem_garble_interop is unmaintained

The tandem crates in https://github.com/sine-fdn are no longer maintained by the SINE Foundation. The repository has been archived. Recommended alternative: We are continuing our work on SMPC by implementing our secure multi-party computation engine Polytune...

AI score 7
Exploits: 0

vulnersOsv
added 2025/02/20 3:32 a.m. | views: 6

com.github.zhkl0228:netguard (>=0.0.5 <=0.0.6), tech.kwik:flupke (>=0.5.4 <=0.6) +5 more potentially affected by CVE-2025-23020 via tech.kwik:kwik (=0.10)

tech.kwik:kwik MAVEN version =0.10 is affected by a known vulnerability. The following packages have a transitive dependency on tech.kwik:kwik and may be impacted: - com.github.zhkl0228:netguard =0.0.5, =0.5.4, =0.6 - tech.kwik:kwik-cli =0.10 - tech.kwik:kwik-h09 =0.10 - tech.kwik:kwik-interop...

CVSS 5.3 | AI score 5.8 | EPSS 0.00121
Exploits: 0

vulnersOsv
added 2025/02/20 2:44 a.m. | views: 6

com.github.zhkl0228:netguard (>=0.0.5 <=0.0.6), tech.kwik:flupke (>=0.5.4 <=0.6) +5 more potentially affected by CVE-2025-23020 via tech.kwik:kwik (=0.10)

tech.kwik:kwik MAVEN version =0.10 is affected by a known vulnerability. The following packages have a transitive dependency on tech.kwik:kwik and may be impacted: - com.github.zhkl0228:netguard =0.0.5, =0.5.4, =0.6 - tech.kwik:kwik-cli =0.10 - tech.kwik:kwik-h09 =0.10 - tech.kwik:kwik-interop...

CVSS 5.3 | AI score 5.8 | EPSS 0.00121
Exploits: 0

RustSec
added 2024/10/07 12:0 p.m. | views: 2

Heap Buffer overflow using c_chars_to_str function

The heap-buffer-overflow is triggered in the strlen function when handling the c_chars_to_str function in the dbn crate. This vulnerability occurs because the CStr::from_ptr function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars arr...

AI score 7.3
Exploits: 0 | Affected Software: 1

Talos Blog
added 2024/04/17 11:59 a.m. | views: 29

OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal

During a threat-hunting exercise, Cisco Talos discovered documents with potentially confidential information originating from Ukraine. The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. The results of the investigation have shown that the...

AI score 7
Exploits: 0

Code423n4
added 2023/06/09 12:0 a.m. | views: 24

Cross contract reentrancy attack through changing the xDomainMsgSender

Lines of code. Vulnerability details. Impact: The use of the guaranteed safe CrossDomainMessenger for withdrawals can result in permanent blockages when the recipient address interacts with external addresses, which is an important feature for interoperability and is expected to be widely utilized...

AI score 6.8
Exploits: 0

GithubExploit
added 2023/03/19 8:7 a.m. | views: 381

Exploit for Improper Input Validation in Microsoft

CVE-2023-23397-POC-Using-...

CVSS 9.8 | AI score 10 | EPSS 0.93421
Exploits: 18

Fedora
added 2022/12/02 6:21 a.m. | views: 38

[SECURITY] Fedora 35 Update: samba-4.15.12-0.fc35

Samba is the standard Windows interoperability suite of programs for Linux and Unix...

CVSS 8.8 | AI score 8.3 | EPSS 0.10832
Exploits: 1

OSV
added 2022/07/25 10:46 a.m. | views: 6

MAL-2022-3277 Malicious code in gather-electron-interop (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 555d7a68ccecdb496e00c51f24d61369422e81fe64f0c26ead5b2512c5b85648 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2022/07/25 10:46 a.m. | views: 2

Malicious code in gather-electron-interop (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 555d7a68ccecdb496e00c51f24d61369422e81fe64f0c26ead5b2512c5b85648 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1

Snyk
added 2022/07/17 8:8 a.m. | views: 4

Malicious Package

Overview: gather-electron-interop is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

CVSS 9.8 | AI score 7.1
Exploits: 0 | References: 3